Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Nautobot - CVE-2023-48705
Published: November 22, 2023 / Updated: May 11, 2026
Nautobot
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary script code in a victim's browser.
The vulnerability exists due to improper neutralization of script-related HTML tags in custom links, job buttons, and computed fields when rendering user-authored content. A remote user can create or edit crafted content to execute arbitrary script code in a victim's browser.
User interaction is required to render a page containing the crafted content.