netbox-community / netbox

The premier source of truth powering network automation. Open source under Apache 2. Try NetBox Cloud free: https://netboxlabs.com/free-netbox-cloud/
http://netboxlabs.com/oss/netbox/
Apache License 2.0

Stored Cross Site Scripting Vulnerability in "Configuration History" function in Netbox 4.1.6 #18043

Open tu3n4nh opened 3 days ago

tu3n4nh commented 3 days ago

Deployment Type

Self-hosted

Triage priority

I volunteer to perform this work (if approved)

NetBox Version

v4.1.6

Python Version

3.12

Steps to Reproduce

Version: 4.1.6

Description:

An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Configuration History" function in the "Admin" feature.

Proof of Concept:

Step 1: Go to /core/config-revisions/, click "Add" and insert the payload "<script>alert(document.domain)</script>" in the "Top banner" field.

Step 2: Click "Create".

Step 3: Script executed.

Expected Behavior

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.

Observed Behavior

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
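
A defensive check for the "Top banner" value described in the report, as an added example (not NetBox code and not part of the issue): it audits a banner string against an allowlist and falls back to HTML-escaping when anything outside the allowlist is present. The allowlist, the function names and the sample banner in the comments are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Assumed policy (not NetBox's): the only markup a banner may contain.
ALLOWED_TAGS = {"a", "b", "br", "em", "i", "p", "strong"}
ALLOWED_ATTRS = {"href", "title"}
SAFE_HREF_PREFIXES = ("https://", "http://", "mailto:", "/")


class BannerAuditor(HTMLParser):
    """Records every construct in a banner value that the policy rejects."""

    def __init__(self):
        # Keep character references unconverted so a raw "<" in text stays visible.
        super().__init__(convert_charrefs=False)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before calling this.
        if tag not in ALLOWED_TAGS:
            self.findings.append(f"tag <{tag}> not allowed")
        for name, value in attrs:
            if name not in ALLOWED_ATTRS:
                self.findings.append(f"attribute {name!r} on <{tag}> not allowed")
            elif name == "href" and not (value or "").strip().lower().startswith(SAFE_HREF_PREFIXES):
                self.findings.append(f"href {value!r} not allowed")

    def handle_data(self, data):
        # A literal "<" in text is markup the parser could not complete.
        if "<" in data:
            self.findings.append("unparsed '<' in text")

    def handle_comment(self, data):
        self.findings.append("comment not allowed")


def audit_banner(value):
    """Return the list of policy violations for one banner value."""
    auditor = BannerAuditor()
    auditor.feed(value)
    auditor.close()
    return auditor.findings


def render_banner(value):
    """Pass clean banners through; HTML-escape anything the audit rejects."""
    return html.escape(value) if audit_banner(value) else value
```

Run `audit_banner` over stored banner values to find existing entries that need review, and `render_banner` at output time so a rejected value is displayed as text instead of being interpreted by the browser.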