CVE-2025-40904 HTML injection in Smart Polling in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...

CVE-2025-40904 HTML injection in Smart Polling in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...

EUVD-2025-209895

A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...

CVE-2025-40904

The CVE-2025-40904 issue is a Stored HTML Injection in the Smart Polling feature. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags via sync; when a victim opens the affected remote strategy, injected HTML can render in their browser and enabl...

CVE-2025-40903 HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...

CVE-2025-40903 HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...

EUVD-2025-209896

A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...

CVE-2025-40903

Summary (technical details from sources): CVE-2025-40903 affects Guardian/CMC prior to version 26.1.0, in the Schedule Restore Archive function. A stored HTML injection flaw arises from improper validation of an input parameter in a restore schedule defined by an authenticated administrator. When...

CVE-2025-40902

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

EUVD-2025-209893

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

CVE-2025-40902 HTML injection in Users in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

CVE-2025-40902

CVE-2025-40902 describes a Stored HTML Injection in the Guardian/CMC Users feature prior to 26.1.0. An authenticated admin can create a user whose username contains HTML tags; when a victim deletes a group containing that user, the injected HTML may render in the browser, enabling phishing and po...

CVE-2025-40902 HTML injection in Users in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

CVE-2025-40901 HTML injection in Credentials Manager in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to delete the affected...

CVE-2025-40901 HTML injection in Credentials Manager in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to delete the affected...

CVE-2025-40901

A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to delete the affected...

PT-2026-41889

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

Nozomi Networks CMC和Nozomi Networks Guardian 跨站脚本漏洞

Nozomi Networks CMC and Nozomi Networks Guardian are both products of Nozomi Networks, a company based in the United States. Nozomi Networks CMC is a network management platform. Nozomi Networks Guardian is a security software. Both Nozomi Networks CMC and Nozomi Networks Guardian have cross-site...

PT-2026-41890

A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...

Nozomi Networks Guardian和Nozomi Networks CMC 跨站脚本漏洞

Nozomi Networks Guardian and Nozomi Networks CMC are both products of the American company Nozomi Networks. Nozomi Networks Guardian is an IoT device and software inspection system. Nozomi Networks CMC is an application software that provides centralized OT and IoT security management. Both Nozom...