{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-29T08:26:36.961","vulnerabilities":[{"cve":{"id":"CVE-2024-23345","sourceIdentifier":"security-advisories@github.com","published":"2024-01-23T00:15:26.690","lastModified":"2026-06-17T07:12:38.303","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Nautobot is a Network Source of Truth and Network Automation Platform built as a web application.  All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2."},{"lang":"es","value":"Nautobot es una plataforma de automatización de redes y fuente de verdad de red creada como una aplicación web. Todos los usuarios de versiones de Nautobot anteriores a 1.6.10 o 2.1.2 se ven potencialmente afectados por una vulnerabilidad de cross-site scripting. Debido a una sanitización de entrada inadecuada, cualquier campo editable por el usuario que admita la representación de Markdown es potencialmente susceptible a ataques de cross-site scripting (XSS) a través de datos creados con fines malintencionados. 
Este problema se solucionó en las versiones 1.6.10 y 2.1.2 de Nautobot."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nautobot","product":"nautobot","versions":[{"version":">= 2.0.0, < 2.1.2","status":"affected"},{"version":"< 1.6.10","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":5.3},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-05-08T19:09:16.603356Z","id":"CVE-2024-23345","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA 
Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.10","matchCriteriaId":"9B240ABD-D9C3-4C3F-969A-8D75BC9C0C13"},{"vulnerable":true,"criteria":"cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.1.2","matchCriteriaId":"814D6EE3-ED3C-46D1-A5E9-6FF192CDE8B7"}]}]}],"references":[{"url":"https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/pull/5133","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/pull/5134","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h","source":"security-advisories@github.com","tags":["Vendor 
Advisory"]},{"url":"https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/pull/5133","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/pull/5134","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}