What is the CVSS score of CVE-2024-56917?

CVE-2024-56917 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N. EPSS exploitation probability: 0.1%.

Which versions of Netbox are affected by CVE-2024-56917?

NetBox Community 4.1.7 contains a cross-site scripting (XSS) vulnerability in the maintenance banner that could allow attackers to inject malicious scripts affecting users who access the application.

Is there a public PoC exploit available for CVE-2024-56917?

Yes, a public proof-of-concept exploit is available for CVE-2024-56917. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2024-56917?

Within 24 hours: Disable maintenance mode or restrict access to the maintenance banner feature if operationally feasible; document current NetBox version across all instances. Within 7 days: Implement WAF rules to sanitize maintenance banner input and block known XSS payloads; conduct audit of maintenance mode usage logs for suspicious activity. Within 30 days: Upgrade to NetBox 4.1.8 or later when patch is released; if unavailable, evaluate alternative network documentation solutions or air-gap the affected instances.

Netbox CVE-2024-56917

EUVD-2024-54697 HIGH

Cross-site Scripting (XSS) (CWE-79)

2025-06-24 cve@mitre.org

XSS Netbox

7.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.1 HIGH

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 22:36 euvd

EUVD-2024-54697

Analysis Generated

Mar 15, 2026 - 22:36 vuln.today

PoC Detected

Jun 30, 2025 - 14:44 vuln.today

Public exploit code

CVE Published

Jun 24, 2025 - 20:15 nvd

HIGH 7.1

DescriptionCVE.org

Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner` in maintenance mode.

AnalysisAI

A cross-site scripting vulnerability in Netbox Community 4.1.7 (CVSS 7.1). Risk factors: public PoC available.

Technical ContextAI

CWE-79 (Cross-site Scripting). CVSS 7.1 indicates high severity. Affects Netbox Community 4.1.7.

RemediationAI

Monitor vendor channels for patch availability.

Vendor StatusVendor

Debian

Bug #1017079

netbox

Release	Status	Fixed Version	Urgency
	open	-	-

CVE-2024-56917 vulnerability details – vuln.today

Back