CVE-2025-40904 HTML injection in Smart Polling in Guardian/CMC before 26.1.0
A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...