CVE-2023-33799

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-33799

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33799.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-33799

Published

2023-05-24T20:15:11.003Z

Modified

2026-03-13T07:37:47.853349Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

References

https://github.com/anhdq201/netbox/issues/14

Affected packages

Git / github.com/netbox-community/netbox

Affected ranges

Type

GIT

Repo

https://github.com/netbox-community/netbox

Events

Introduced

Last affected

5f184f2435aad502a1f8f02f96c0dee7cc546651

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.1"
        }
    ]
}

Affected versions

1.*

1.0.0

1.6.1

v1.*

v1.0.3

v1.0.3-r1

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.7-r1

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.4.1

v1.4.2

v1.5.0

v1.5.1

v1.5.2

v1.6.0

v1.6.1-r1

v1.6.2-r1

v1.6.3

v1.7.0

v1.7.1

v1.7.2-r1

v1.7.3

v1.8.0

v1.8.1

v1.8.2

v1.8.3

v1.8.4

v1.9.0-r1

v1.9.1

v1.9.2

v1.9.3

v1.9.4-r1

v1.9.5

v1.9.6

v2.*

v2.0-beta1

v2.0-beta2

v2.0-beta3

v2.0.0

v2.0.1

v2.0.10

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.0.8

v2.0.9

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.10-beta1

v2.10-beta2

v2.10.0

v2.10.1

v2.10.10

v2.10.2

v2.10.3

v2.10.4

v2.10.5

v2.10.6

v2.10.7

v2.10.8

v2.10.9

v2.11-beta1

v2.11.0

v2.11.1

v2.11.10

v2.11.11

v2.11.12

v2.11.2

v2.11.3

v2.11.4

v2.11.5

v2.11.6

v2.11.7

v2.11.8

v2.11.9

v2.2.0

v2.2.1

v2.2.10

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.2.6

v2.2.7

v2.2.8

v2.2.9

v2.3.0

v2.3.1

v2.3.2

v2.3.3

v2.3.4

v2.3.5

v2.3.6

v2.3.7

v2.4-beta1

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.4.7

v2.4.8

v2.4.9

v2.5-beta1

v2.5-beta2

v2.5.0

v2.5.1

v2.5.10

v2.5.11

v2.5.12

v2.5.13

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.5.6

v2.5.7

v2.5.8

v2.5.9

v2.6-beta1

v2.6.0

v2.6.1

v2.6.10

v2.6.11

v2.6.12

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.6.9

v2.7-beta1

v2.7.0

v2.7.1

v2.7.10

v2.7.11

v2.7.12

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.7.9

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.8.9

v2.9-beta1

v2.9-beta2

v2.9.0

v2.9.1

v2.9.10

v2.9.11

v2.9.2

v2.9.3

v2.9.4

v2.9.5

v2.9.6

v2.9.7

v2.9.8

v2.9.9

v3.*

v3.0-beta1

v3.0-beta2

v3.0.0

v3.0.1

v3.0.10

v3.0.11

v3.0.12

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8

v3.0.9

v3.1-beta1

v3.1.0

v3.1.1

v3.1.10

v3.1.11

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

v3.2-beta1

v3.2-beta2

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.2.7

v3.2.8

v3.2.9

v3.3-beta1

v3.3-beta2

v3.3.0

v3.3.1

v3.3.10

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

v3.4-beta1

v3.4.0

v3.4.1

v3.4.10

v3.4.2

v3.4.3

v3.4.4

v3.4.5

v3.4.6

v3.4.7

v3.4.8

v3.4.9

v3.5-beta1

v3.5-beta2

v3.5.0

v3.5.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33799.json"