CVE-2024-56915

MEDIUM

Netbox 4.1.7-4.2.2 - Cross-Site Scripting via RSS Feed Widget

Title source: llm
STIX 2.1

Description

Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting (XSS) via the RSS feed widget.

Scores

CVSS v3 6.5
EPSS 0.0039
EPSS Percentile 30.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
netbox/netbox 4.1.7 - 4.2.2
Published Jun 26, 2025
Tracked Since Feb 18, 2026