CVE-2025-40904 is a medium-severity stored HTML injection issue in Nozomi Networks Smart Polling. According to the supplied description and NVD record, an authenticated user with limited privileges can submit malicious remote strategies containing HTML tags through sync. When another user views the affected strategy, the injected HTML renders in the browser, creating phishing and possible open-redirect ri [truncated]
CVE-2025-40902 is a stored HTML injection issue in Nozomi Networks Users functionality. An authenticated administrator can create a malicious user whose username contains HTML tags, and the injected content can render when another user attempts to delete a group containing that account. The practical impact described in the source material is browser-based phishing and possible open redirect abuse; the ve [truncated]
CVE-2025-40901 is a stored HTML injection issue in Nozomi Networks Credentials Manager. According to the CVE record, an authenticated user with administrative privileges can define a malicious identity containing HTML tags, and when another user attempts to delete that identity, the injected HTML is rendered in the browser. The stated impact is primarily phishing risk and possible open redirect behavior; [truncated]
