HIGH🇬🇧 English

CVE-2024-23345

CVSS 7.1v3.1pub. 2024-01-23upd. 2024-11-21

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L
  • Networktocode Nautobot

    APP
    Networktocode
    < 1.6.102.0.0 – 2.1.2 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2026-44797HIGH8.5ten sam produkt

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's W...

CVE-2026-44798HIGH7.1ten sam produkt

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with ...

CVE-2024-34707HIGH7.5ten sam produkt

Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges c...

CVE-2024-32979HIGH7.5ten sam produkt

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Djan...

CVE-2023-48705HIGH7.1ten sam produkt

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of ...