GHSA-v7qw-hx66-4w9x: Stored Cross-Site Scripting (XSS) in NetBox Data Flows Plugin

DEV Community·CVE Reports·25 days ago

Vulnerability ID: GHSA-V7QW-HX66-4W9X
CVSS Score: 8.7
Published: 2026-05-07

A stored Cross-Site Scripting (XSS) vulnerability exists in the netbox-data-flows plugin for NetBox, affecting versions prior to 1.5.1. Authenticated attackers with permissions to modify ObjectAlias records can inject arbitrary HTML and JavaScript, which executes in the context of other users viewing DataFlow tables.

TL;DR

The netbox-data-flows plugin improperly escapes ObjectAlias names before rendering them in DataFlow tables. Authenticated users can inject malicious scripts into these fields, leading to stored XSS that can compromise high-privileged administrators.…
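
The bug class described above, shown as an added example that is not the plugin's own code: a table cell built from stored alias names without escaping, the escaped form beside it, and an audit helper for names already in the database. All function names and the sample data are hypothetical and constructed for illustration.

```python
# Added illustration of unescaped vs. escaped rendering of stored names.
# Function names are hypothetical, not taken from netbox-data-flows.
from html import escape


def render_aliases_unsafe(names):
    """Before: stored names are concatenated into markup as-is."""
    cells = ", ".join(f"<span>{name}</span>" for name in names)
    return f"<td>{cells}</td>"


def render_aliases_safe(names):
    """After: each user-controlled name is HTML-escaped before it is joined."""
    cells = ", ".join(f"<span>{escape(name)}</span>" for name in names)
    return f"<td>{cells}</td>"


def audit_names(names):
    """Return stored names that contain HTML-significant characters.

    A name is flagged when escaping changes it (<, >, &, or quotes).
    Flagged names need manual review; not all of them are malicious.
    """
    return [name for name in names if escape(name) != name]


# Constructed sample of stored alias names (not real data).
SAMPLE_NAMES = ["web-servers", "<script>alert(1)</script>", "db & cache"]

if __name__ == "__main__":
    print(render_aliases_unsafe(SAMPLE_NAMES))
    print(render_aliases_safe(SAMPLE_NAMES))
    print(audit_names(SAMPLE_NAMES))
```

Running the audit against existing records after upgrading helps find names that were stored while the unescaped rendering was in place.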