NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting (XSS) vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling logic, where object names are included in HTML error messages without proper escaping. This allows user-controlled content to be rendered in the web interface when a delete operation fails due to protected relationships, potentially enabling execution of arbitrary client-side code in the context of a privileged user.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Netbox |
|
No data.
No data.
References
History
Wed, 04 Feb 2026 12:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Netbox
Netbox netbox |
|
| Vendors & Products |
Netbox
Netbox netbox |
Tue, 03 Feb 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting (XSS) vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling logic, where object names are included in HTML error messages without proper escaping. This allows user-controlled content to be rendered in the web interface when a delete operation fails due to protected relationships, potentially enabling execution of arbitrary client-side code in the context of a privileged user. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-02-03T17:40:18.903Z
Reserved: 2026-01-09T00:00:00.000Z
Link: CVE-2025-69848
Vulnrichment
No data.
NVD
Status : Awaiting Analysis
Published: 2026-02-03T18:16:17.040
Modified: 2026-02-04T16:34:21.763
Link: CVE-2025-69848
Redhat
No data.