NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting (XSS) vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling logic, where object names are included in HTML error messages without proper escaping. This allows user-controlled content to be rendered in the web interface when a delete operation fails due to protected relationships, potentially enabling execution of arbitrary client-side code in the context of a privileged user.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
References
| Link | Providers |
|---|---|
| https://github.com/netbox-community/netbox |
|
History
Tue, 03 Feb 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting (XSS) vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling logic, where object names are included in HTML error messages without proper escaping. This allows user-controlled content to be rendered in the web interface when a delete operation fails due to protected relationships, potentially enabling execution of arbitrary client-side code in the context of a privileged user. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-02-03T17:40:18.903Z
Reserved: 2026-01-09T00:00:00.000Z
Link: CVE-2025-69848
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-02-03T18:16:17.040
Modified: 2026-02-03T18:16:17.040
Link: CVE-2025-69848
Redhat
No data.
OpenCVE Enrichment
No data.