Description
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alerted Nodes Dashboard, and alerts are reported for the affected node, then the injected HTML may render in the browser of a victim user interacting with it, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Published: 2026-03-04
Score: 2.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: Stored HTML Injection leading to phishing and potential open redirect vulnerabilities on the Alerted Nodes Dashboard
Action: Apply Patch
AI Analysis

Impact

A stored HTML injection flaw exists in the Alerted Nodes Dashboard of Nozomi Networks CMC and Guardian products. The flaw permits an authenticated user with sufficient privileges to edit a node label and embed arbitrary HTML into that label. When a victim user views the dashboard and a related alert is displayed, the injected HTML is rendered by the browser, enabling phishing attempts and possibly open redirect attacks. Full cross-site scripting is mitigated by input validation and the system's Content Security Policy, and direct information disclosure is prevented by existing controls.

Affected Systems

Nozomi Networks CMC and Guardian users running any release earlier than v25.6.0 are affected. The vulnerability applies to any deployment that utilizes the Alerted Nodes Dashboard feature.

Risk and Exploitability

The CVSS score of 2.1 indicates low overall severity, and the EPSS score of less than 1% suggests a very low likelihood of exploitation. The vulnerability requires an authenticated user with privilege to modify node labels and a system that displays alerts for the affected node. It is not currently listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 20, 2026 at 16:32 UTC.

Remediation

Vendor Solution

Upgrade to v25.6.0 or later.


OpenCVE Recommended Actions

  • Upgrade Nozomi Networks CMC and Guardian to version 25.6.0 or later to eliminate the injection flaw.
  • Limit the ability to edit node labels to only users who must perform that action, preventing unauthorized injection attempts.
  • If upgrading is not possible, consider disabling the Alerted Nodes Dashboard or filtering out alerts for nodes that have been edited with suspicious labels to avoid rendering malicious HTML.
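As an added example (not part of the OpenCVE record and not Nozomi Networks' code), the two controls these recommendations point at, written as browser-side JavaScript: output-encoding a node label before it is placed in dashboard markup, so a label is always shown as text, and an audit check that flags labels already containing markup or redirect-capable URL schemes so an operator can review them ahead of the upgrade. The node record shape (`id`, `label`), the `renderAlertRow` function and the sample inventory are assumptions constructed for illustration.

```javascript
// Added example, not Nozomi Networks code. Demonstrates two defensive controls
// for node labels that a dashboard renders in the browser:
//   1) escapeHtml / renderAlertRow: output-encode the label so markup in it is
//      displayed literally instead of being parsed as HTML.
//   2) findSuspiciousLabels: audit an inventory for labels that already contain
//      markup or a redirect-capable URL scheme, to support review or filtering.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML structure or break out of an attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// A plain node label should never contain a tag or a script/data URL scheme.
const MARKUP_PATTERN = /<\/?[a-z!][^>]*>|javascript:|data:/i;

function isSuspiciousLabel(label) {
  return MARKUP_PATTERN.test(String(label));
}

// Return the ids of nodes whose labels warrant review (hypothetical record shape: {id, label}).
function findSuspiciousLabels(nodes) {
  return nodes.filter((node) => isSuspiciousLabel(node.label)).map((node) => node.id);
}

// Hypothetical row renderer: every field passes through escapeHtml, so a label such as
// '<a href="...">Sign in</a>' becomes literal characters in the page rather than a link.
function renderAlertRow(node, alertText) {
  return `<tr><td>${escapeHtml(node.id)}</td>` +
         `<td>${escapeHtml(node.label)}</td>` +
         `<td>${escapeHtml(alertText)}</td></tr>`;
}

// Constructed sample inventory (not real data). The second label is the kind of
// content the advisory describes; the third is harmless text that merely looks
// like an entity and must not be flagged.
const SAMPLE_NODES = [
  { id: '10.0.0.5', label: 'PLC-Line-1' },
  { id: '10.0.0.7', label: '<a href="https://example.invalid/login">Session expired, sign in</a>' },
  { id: '10.0.0.9', label: 'HMI &lt;east&gt;' },
];

// Usage: list the nodes an operator should review, and show the safe rendering of one row.
console.log('labels to review:', findSuspiciousLabels(SAMPLE_NODES));
console.log(renderAlertRow(SAMPLE_NODES[1], 'Link down'));
```

The audit check is a review aid, not a replacement for the upgrade: output encoding at render time is what actually removes the injection, and it has to be applied to every field placed into the page, not only the label.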



Advisories

No advisories yet.

History

Tue, 14 Apr 2026 10:30:00 +0000
  References: changed (values removed/added not shown)

Thu, 05 Mar 2026 19:00:00 +0000
  First Time appeared: Nozominetworks; Nozominetworks cmc; Nozominetworks guardian
  CPEs: cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*; cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*
  Vendors & Products: Nozominetworks; Nozominetworks cmc; Nozominetworks guardian

Wed, 04 Mar 2026 15:15:00 +0000
  Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 04 Mar 2026 14:15:00 +0000
  Description: A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alerted Nodes Dashboard, and alerts are reported for the affected node, then the injected HTML may render in the browser of a victim user interacting with it, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
  Title: HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0
  First Time appeared: Nozomi Networks; Nozomi Networks cmc; Nozomi Networks guardian
  Weaknesses: CWE-79
  CPEs: cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:*; cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:*
  Vendors & Products: Nozomi Networks; Nozomi Networks cmc; Nozomi Networks guardian
  References: changed (values not shown)
  Metrics: cvssV3_1 {'score': 4.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N'}
           cvssV4_0 {'score': 2.1, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Nozomi

Published:

Updated: 2026-04-14T08:58:11.923Z

Reserved: 2025-04-16T09:04:25.007Z

Link: CVE-2025-40894

Vulnrichment

Updated: 2026-03-04T14:18:36.473Z

NVD

Status : Modified

Published: 2026-03-04T14:16:13.657

Modified: 2026-04-14T10:16:27.453

Link: CVE-2025-40894

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T16:45:11Z

Weaknesses