CVE-2025-57543

MEDIUM

NetBox 4.3.5 - XSS

Title source: llm

Description

Cross Site scripting vulnerability (XSS) in NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This could potentially lead to user interface redress attacks or be escalated to XSS in certain contexts.

References (1)

https://gist.github.com/MerttTuran/d94acff59816bfd9492d1a738e89ebb4

Scores

CVSS v3 6.1

EPSS 0.0003

EPSS Percentile 9.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

netbox/netbox 4.3.5

Published Mar 16, 2026

Tracked Since Mar 16, 2026