CVE-2025-57543

MEDIUM

NetBox 4.3.5 - Stored Cross-Site Scripting in Comment Field

Title source: llm

Description

Cross Site scripting vulnerability (XSS) in NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This could potentially lead to user interface redress attacks or be escalated to XSS in certain contexts.

References (1)

Core 1

Core References

https://gist.github.com/MerttTuran/d94acff59816bfd9492d1a738e89ebb4

Scores

CVSS v3 6.1

EPSS 0.0018

EPSS Percentile 7.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

netbox/netbox 4.3.5

Published Mar 16, 2026

Tracked Since Mar 16, 2026