CVE-2025-40892

High CVSS: 7.1

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a malicious report template. When the victim views or imports the report, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, such as modify application data, disrupt application availability, and access limited sensitive information.

Vendor

Nozominetworks

Product

Cmc

CWE

CWE-79

Yayın Tarihi

2025-12-18 14:15:59

Güncelleme

2026-01-06 20:10:01

Source Identifier

prodsec@nozominetworks.com

KEV Date Added

Kategoriler

CWE-79 Cmc HIGH Nozominetworks 2025

Referanslar

https://security.nozominetworks.com/NN-2025:13-01

Benzer Kayıtlar

Medium

CVE-2025-40896

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could per…

Low

CVE-2025-40894

A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper valida…

Low

CVE-2025-40895

A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on…

Low

CVE-2025-40891

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper val…

Medium

CVE-2025-40893

A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of netwo…

High

CVE-2025-40898

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validatio…