CVE-2025-40904 is a medium-severity stored HTML injection issue in Nozomi Networks Smart Polling. According to the supplied description and NVD record, an authenticated user with limited privileges can submit malicious remote strategies containing HTML tags through sync. When another user views the affected strategy, the injected HTML renders in the browser, creating phishing and possible open-redirect ri [truncated]
CVE-2025-40902 is a stored HTML injection issue in Nozomi Networks Users functionality. An authenticated administrator can create a malicious user whose username contains HTML tags, and the injected content can render when another user attempts to delete a group containing that account. The practical impact described in the source material is browser-based phishing and possible open redirect abuse; the ve [truncated]
CVE-2025-40901 is a stored HTML injection issue in Nozomi Networks Credentials Manager. According to the CVE record, an authenticated user with administrative privileges can define a malicious identity containing HTML tags, and when another user attempts to delete that identity, the injected HTML is rendered in the browser. The stated impact is primarily phishing risk and possible open redirect behavior; [truncated]
CVE-2025-40900 is a medium-severity Angular template injection vulnerability affecting Nozomi Networks CMC and Guardian versions before 26.1.0. The issue is in the Reports functionality and stems from improper validation of an input parameter. An authenticated user with report privileges can create a malicious report, or a victim can be tricked into importing a malicious report template. When the report i [truncated]
An access control vulnerability in the Reports section of Siemens RUGGEDCOM APE1808LNX devices allows authenticated users with reporting privileges to bypass intended restrictions and modify reporting configuration. The flaw stems from improper enforcement of access controls for limited-privilege users. Successful exploitation requires the attacker to craft a specific application request, which could lead [truncated]