Description
A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected schedule, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Published: 2026-05-19
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stored HTML injection flaw exists in the Schedule Restore Archive feature of Nozomi Networks' CMC and Guardian platforms. The flaw arises from improper validation of an input parameter, allowing an authenticated administrator to embed malicious HTML tags into a restore schedule. When a victim views the schedule, the injected HTML renders in their browser, potentially facilitating phishing or open redirect attacks. Full XSS exploitation and direct information disclosure are mitigated by existing content security policies and input validation, but the injected content still poses a usability‑based threat.

Affected Systems

Nozomi Networks CMC and Guardian versions earlier than v26.1.0 are affected, regardless of deployment size or location.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate risk. Exploitation requires an authenticated user with administrative privileges, and no public exploitation evidence exists. The likely attack vector is inferred to be authenticated remote access to the web management interface, which is typically restricted to trusted administrators. Because the vulnerability is not exploitable without admin credentials, the practical exploitation risk is lower than high‑severity vulnerabilities but still significant for organizations with broad admin access.

Generated by OpenCVE AI on May 19, 2026 at 14:36 UTC.

Remediation

Vendor Solution

Upgrade to v26.1.0 or later.

Vendor Workaround

Use internal firewall features to limit access to the web management interface.

OpenCVE Recommended Actions

  • Upgrade CMC and Guardian to version 26.1.0 or later.
  • Restrict web management interface access by configuring internal firewall rules to limit traffic to trusted IP ranges.
  • Audit and remove any redundant administrative accounts from the system.

Generated by OpenCVE AI on May 19, 2026 at 14:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Nozominetworks
Nozominetworks cmc
Nozominetworks guardian
CPEs cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*
Vendors & Products Nozominetworks
Nozominetworks cmc
Nozominetworks guardian

Tue, 19 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 19 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected schedule, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Title HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0
First Time appeared Nozomi Networks
Nozomi Networks cmc
Nozomi Networks guardian
Weaknesses CWE-79
CPEs cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:*
Vendors & Products Nozomi Networks
Nozomi Networks cmc
Nozomi Networks guardian
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L'}

Subscriptions

Nozomi Networks Cmc Guardian
Nozominetworks Cmc Guardian
cve-icon MITRE

Status: PUBLISHED

Assigner: Nozomi

Published:

Updated: 2026-05-19T13:58:34.152Z

Reserved: 2025-04-16T09:04:35.923Z

Link: CVE-2025-40903

cve-icon Vulnrichment

Updated: 2026-05-19T13:58:21.945Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-19T14:16:28.130

Modified: 2026-05-19T17:44:04.967

Link: CVE-2025-40903

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T14:45:07Z

Weaknesses