Lucene search
K

5 matches found

NVD
NVD
added 2026/04/15 9:16 a.m.7 views

CVE-2025-40899

A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the...

8.9CVSS0.00288EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/15 8:18 a.m.28 views

CVE-2025-40899 Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0

A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the...

8.9CVSS0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/04/15 8:18 a.m.16 views

CVE-2025-40899

CVE-2025-40899: A Stored XSS flaw in Guardian/CMC (Assets and Nodes) before 26.0.0 arises from improper input validation on a field that can be defined by an authenticated user with custom fields privileges. A malicious custom field containing JavaScript is stored and later executed in the victim...

8.9CVSS5.8AI score0.00288EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 8:18 a.m.5 views

CVE-2025-40899

A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the...

8.9CVSS5.8AI score0.00288EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/15 8:18 a.m.4 views

CVE-2025-40899 Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0

A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the...

8.9CVSS5.8AI score0.00288EPSS
Exploits0References1
Rows per page
Query Builder