Lucene search
+L

5 matches found

nvd
nvd
added 2026/04/15 9:16 a.m.7 views

CVE-2025-40899

A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the...

8.9CVSS0.00288EPSS
Exploits0References2
cve
cve
added 2026/04/15 8:18 a.m.16 views

CVE-2025-40899

CVE-2025-40899: A Stored XSS flaw in Guardian/CMC (Assets and Nodes) before 26.0.0 arises from improper input validation on a field that can be defined by an authenticated user with custom fields privileges. A malicious custom field containing JavaScript is stored and later executed in the victim...

8.9CVSS5.8AI score0.00288EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/15 8:18 a.m.5 views

CVE-2025-40899

A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the...

8.9CVSS5.8AI score0.00288EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/04/15 8:18 a.m.4 views

CVE-2025-40899 Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0

A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the...

8.9CVSS5.8AI score0.00288EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/15 8:18 a.m.31 views

CVE-2025-40899 Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0

A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the...

8.9CVSS0.00288EPSS
Exploits0References1
Rows per page
Query Builder