Description
A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing the affected user, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Published: 2026-05-19
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stored HTML injection vulnerability exists in the Users feature of Nozomi Networks CMC and Guardian when an administrator creates a user whose username contains HTML tags. The injected markup renders only when a victim deletes a group that includes this user, enabling phishing or possibly open redirect attacks. The vulnerability is an input validation flaw mapped to CWE‑79, and full XSS exploitation and direct information disclosure are mitigated by the product’s existing input validation and Content Security Policy.

Affected Systems

All installations of Nozomi Networks CMC and Guardian with a version earlier than 26.1.0 are affected, provided that administrative users can create or edit user accounts.

Risk and Exploitability

The CVSS score of 4.8 indicates a low‑to‑moderate risk. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting a low probability of widespread exploitation. The attack path requires a legitimate administrative account to create the malicious user, and the harmful effect only manifests when another user attempts to delete a group containing that user. Consequently, the risk is confined to scenarios involving group deletion by users who will view the injected content.

Generated by OpenCVE AI on May 19, 2026 at 14:36 UTC.

Remediation

Vendor Solution

Upgrade to v26.1.0 or later.

Vendor Workaround

Use internal firewall features to limit access to the web management interface.

OpenCVE Recommended Actions

  • Upgrade Nozomi Networks CMC and Guardian to version 26.1.0 or later to remove the vulnerable input handling.
  • Restrict access to the web management interface using internal firewall rules to limit exposure to non‑administrative users.
  • Review all administrative accounts, delete unnecessary ones, and ensure that usernames contain no HTML tags or other disallowed characters.

Generated by OpenCVE AI on May 19, 2026 at 14:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Nozominetworks
Nozominetworks cmc
Nozominetworks guardian
CPEs cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*
Vendors & Products Nozominetworks
Nozominetworks cmc
Nozominetworks guardian

Tue, 19 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 19 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing the affected user, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Title HTML injection in Users in Guardian/CMC before 26.1.0
First Time appeared Nozomi Networks
Nozomi Networks cmc
Nozomi Networks guardian
Weaknesses CWE-79
CPEs cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:*
Vendors & Products Nozomi Networks
Nozomi Networks cmc
Nozomi Networks guardian
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L'}

Subscriptions

Nozomi Networks Cmc Guardian
Nozominetworks Cmc Guardian
cve-icon MITRE

Status: PUBLISHED

Assigner: Nozomi

Published:

Updated: 2026-05-19T14:04:37.503Z

Reserved: 2025-04-16T09:04:35.923Z

Link: CVE-2025-40902

cve-icon Vulnrichment

Updated: 2026-05-19T14:04:07.086Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-19T14:16:27.960

Modified: 2026-05-19T17:44:49.497

Link: CVE-2025-40902

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T15:15:07Z

Weaknesses