Cross-site Scripting (XSS) Affecting nautobot package, versions [,1.6.10) [2.0.0, 2.1.2)
Threat Intelligence
EPSS
0.08% (33rd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-NAUTOBOT-6184116
- published 23 Jan 2024
- disclosed 23 Jan 2024
- credit Leo Kirchner
Introduced: 23 Jan 2024
CVE-2024-23345 Open this link in a new tabHow to fix?
Upgrade nautobot
to version 1.6.10, 2.1.2 or higher.
Overview
nautobot is a Source of truth and network automation platform.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to inadequate input sanitization in user-editable fields that support Markdown rendering. An attacker can inject malicious scripts that may be executed in the context of the user's browser session by submitting specially crafted data.
References
CVSS Scores
version 3.1