5.4
Alerted Nodes Dashboard allows attackers to inject malicious HTML
CVE-2025-40894
Summary
A stored HTML injection issue in the Alerted Nodes Dashboard of the affected software allows an authenticated user with the required privileges to inject HTML tags by editing a node label. If the system is configured to use this dashboard, this could lead to phishing attacks or to users being redirected to malicious websites. Affected users should update their software to the latest version to fix this issue.
Original title
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter.
A malicious authenticated user with the requir...
Original description
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter.
A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alerted Nodes Dashboard, and alerts are reported for the affected node, then the injected HTML may render in the browser of a victim user interacting with it, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
CVSS 3.1 (osv): 5.4
- https://security.nozominetworks.com/NN-2025:16-01 Vendor Advisory
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026