Version: 3.5.6 Description An authenticated malicious user can take advantage of a Stored XSS vulnerability in "Maintenance banner" function in the "[Home]› [Extras] › [Config revisions] › Add config revision" feature.

Proof of Concept Step 1: Go to "https://demo.netbox.dev/admin/extras/configrevision/add/" click "Add" and insert payload in "Maintenance banner:" field, And "Save"

Step 2: Try to login with an other account and Go to "https://demo.netbox.dev/admin/extras/configrevision/add/". Then, script excuted

Impact If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.

Report by @TuLe from HSCT Security.