CVE-2025-3718

Medium CVSS: 5.8

A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a Cross-Site Scripting (XSS) attack.

Vendor

Nozominetworks

Product

Cmc

CWE

CWE-22

Yayın Tarihi

2025-10-07 13:15:33

Güncelleme

2025-10-09 16:39:02

Source Identifier

prodsec@nozominetworks.com

KEV Date Added

Kategoriler

CWE-22 Cmc MEDIUM Nozominetworks 2025

Referanslar

https://security.nozominetworks.com/NN-2025:4-01

Benzer Kayıtlar

Medium

CVE-2025-40896

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could per…

Low

CVE-2025-40894

A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper valida…

Low

CVE-2025-40895

A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on…

Low

CVE-2025-40891

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper val…

High

CVE-2025-40892

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an…

Medium

CVE-2025-40893

A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of netwo…