272 matches found
CVE-2025-40892 Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0
A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...
CVE-2025-40891 HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0
A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across t...
Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0
Summary A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. Impact An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in...
HTML injection in Asset List in Guardian/CMC before 25.5.0
Summary A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of network traffic data. Impact An unauthenticated attacker can send specially crafted network packets to inject HTML tags into asset attributes. When a victim views the affecte...
CVE-2025-40890 Stored Cross-Site Scripting (XSS) in Dashboards in Guardian/CMC before 25.4.0
A Stored Cross-Site Scripting vulnerability was discovered in the Dashboards functionality due to improper validation of an input parameter. An authenticated low-privilege user can craft a malicious dashboard containing a JavaScript payload and share it with victim users, or a victim can be...
Nozomi Networks CMC和Nozomi Networks Guardian 跨站脚本漏洞
Nozomi Networks CMC and Nozomi Networks Guardian are both products of Nozomi Networks, Inc. of the U.S. Nozomi Networks CMC is a network management platform.Nozomi Networks Guardian is a protection software. A cross-site scripting vulnerability exists in Nozomi Networks CMC and Nozomi Networks...
Stored Cross-Site Scripting (XSS) in Dashboards in Guardian/CMC before 25.4.0
Summary A Stored Cross-Site Scripting vulnerability was discovered in the Dashboards functionality due to improper validation of an input parameter. Impact An authenticated low-privilege user can craft a malicious dashboard containing a JavaScript payload and share it with victim users, or a vict...
CVE-2025-40889 Path traversal in Time Machine functionality in Guardian/CMC before 25.2.0
A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the structure and content of files in the /data folder...
CVE-2025-40887 Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data...
CVE-2025-40886 Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potentially exposing unauthorized data, altering...
CVE-2025-40885 Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0
A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized da...
CVE-2025-40885 Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0
A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized da...
CVE-2025-3719 Incorrect authorization for CLI in Guardian/CMC before 25.2.0
An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/o...
CVE-2025-3718 Client-side path traversal in Guardian/CMC before 25.2.0
A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a Cross-Site Scriptin...
CVE-2025-3718 Client-side path traversal in Guardian/CMC before 25.2.0
A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a Cross-Site Scriptin...
EUVD-2021-27406
Malware in sbrugna...
EUVD-2019-9014
Malware in sbrugna...
EUVD-2021-27407
Malware in sbrugna...
EUVD-2018-12570
Malware in sbrugna...
EUVD-2020-17743
Malware in sbrugna...