
NetBox 4.3.5: Malicious Comments Can Harm Others' Screens

CVE-2025-57543
Summary

An attacker can inject arbitrary HTML into the "comment" field on object forms in NetBox 4.3.5. The injected markup is rendered in the web UI when other users view it, so they may see incorrect or misleading information on the screen. This could lead to user interface redress attacks or, in certain contexts, be escalated to XSS. You should update to a fixed version of NetBox to prevent this risk.

Original title
Cross Site scripting vulnerability (XSS) in NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. Thi...
Original description
Cross Site scripting vulnerability (XSS) in NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This could potentially lead to user interface redress attacks or be escalated to XSS in certain contexts.
Published: 16 Mar 2026 · Updated: 16 Mar 2026 · First seen: 16 Mar 2026