Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:LNetworktocode Nautobot
APPNetworktocode< 1.6.102.0.0 – 2.1.2 (bez)
Related vulnerabilities
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's W...
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with ...
Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges c...
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Djan...
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of ...