Total vulnerabilities in the database
In Netbox Community 4.1.7, once authenticated, Configuration History > Addis vulnerable to cross-site scripting (XSS) due to the current value` field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a Configuration History version or attempts to Add a new version, the XSS payload will trigger.