CVE-2024-47226 – A stored XSS vulnerability exists in NetBox 4.1... (How to Fix)

Q: What is the severity of CVE-2024-47226?

CVE-2024-47226 has a CVSS score of 5.4 (MEDIUM). A stored XSS vulnerability exists in NetBox 4.1.0's configuration history feature where authenticated users can inject malicious JavaScript/HTML into the 'Top banner' field. This allows attackers to execute arbitrary code in victims' browsers when they view the admin panel. The vulnerability is disputed as the banner field is designed to accept unsanitized HTML for notifications.

📋 TL;DR

A stored XSS vulnerability exists in NetBox 4.1.0's configuration history feature where authenticated users can inject malicious JavaScript/HTML into the 'Top banner' field. This allows attackers to execute arbitrary code in victims' browsers when they view the admin panel. The vulnerability is disputed as the banner field is designed to accept unsanitized HTML for notifications.

💻 Affected Systems

Products:

NetBox

Versions: 4.1.0

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the configuration revision banner feature in the admin panel. Disputed as not a vulnerability since the field is intended for HTML content.

📦 What is this software?

Netbox by Netbox

View all CVEs affecting Netbox →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An authenticated malicious user could steal admin session cookies, perform actions as other users, or redirect users to malicious sites.

🟠

Likely Case

Limited impact since exploitation requires authenticated access and the field's purpose is to display HTML, making malicious content potentially obvious.

🟢

If Mitigated

Minimal impact if proper access controls limit who can modify configuration revisions and users are trained to recognize suspicious banner content.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access to the admin panel. The vulnerability is disputed by multiple parties as intended functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch as this is disputed as not a vulnerability. Consider upgrading to latest NetBox version for general security improvements.

🔧 Temporary Workarounds

Restrict Admin Access

all

Limit who has authenticated access to the admin panel configuration revision feature.

Monitor Banner Content

all

Regularly review configuration revision banners for suspicious HTML/JavaScript content.

🧯 If You Can't Patch

Implement strict access controls to limit who can modify configuration revisions.
Educate users to recognize and report suspicious banner content in the admin panel.

🔍 How to Verify

Check if Vulnerable:

Check if running NetBox 4.1.0 and verify if the configuration revision banner field accepts unsanitized HTML input.

Check Version:

Check NetBox version in admin interface or via application configuration.

Verify Fix Applied:

N/A as no official fix exists due to dispute about vulnerability status.

📡 Detection & Monitoring

Log Indicators:

Unusual modifications to configuration revision banners
Admin panel access from unexpected users

Network Indicators:

HTTP requests to /core/config-revisions/ with JavaScript payloads

SIEM Query:

Search for POST requests to '/core/config-revisions/' containing script tags or JavaScript patterns.

📊 Metadata

CVE ID: CVE-2024-47226

CVSS v3 Score: 5.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-79

Published: September 22, 2024

Last Updated: June 30, 2025

🔗 References

https://github.com/netbox-community/netbox/releases/tag/v4.1.0 Release Notes
https://github.com/tu3n4nh/netbox/issues/1 Exploit,Issue Tracking

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-47226, you might also want to check these: