Nozomi Networks Guardian and CMC Stored HTML Injection Vulnerability in Alerted Nodes Dashboard

A stored HTML injection vulnerability has been identified in the Alerted Nodes Dashboard of Nozomi Networks Guardian and CMC versions prior to 25.6.0. This vulnerability arises from inadequate validation of an input parameter, allowing a malicious authenticated user with the necessary privileges to edit a node label and inject HTML tags. If the affected node generates alerts and the dashboard is in use, the injected HTML could be rendered in the browser of a user interacting with the dashboard. This could facilitate phishing attempts and potentially open redirect attacks. However, full exploitation of cross-site scripting (XSS) and direct information disclosure are mitigated by existing input validation and Content Security Policy settings.

Impact

Exploitation allows for stored HTML injection, with the potential for phishing attacks and open redirects, depending on the context. While cross-site scripting (XSS) and direct information disclosure are not fully exploitable due to current safeguards, the vulnerability could still be leveraged in a way that bypasses these protections.

Remediation

Users are advised to upgrade to Nozomi Networks Guardian or CMC version 25.6.0 or later.