CVE-2025-40900

Published: Mag 19, 2026 Last Modified: Mag 20, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,1
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM 4,6
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: low

Description

AI Translation Available

An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to import a malicious report template. When the victim views or imports the report, the Angular template executes in their browser context, allowing the attacker to modify application data, or disrupt application availability. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0004
Percentile
0,1th
Updated

Single Data Point

Only one EPSS measurement is available for this CVE. Trend analysis requires multiple data points over time.

1336

Improper Neutralization of Special Elements Used in a Template Engine

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
Languages: Java, PHP, Python, JavaScript, Interpreted
Technologies: Not Technology-Specific, AI/ML, Client Server
View CWE Details
Application

Guardian by Nozominetworks

Product Information
Vendor Nozominetworks
Product Guardian
Version Range Affected
To 26.1.0 (exclusive)
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Cmc by Nozominetworks

Product Information
Vendor Nozominetworks
Product Cmc
Version Range Affected
To 26.1.0 (exclusive)
cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://security.nozominetworks.com/NN-2026:3-01
https://security.nozominetworks.com/NN-2026:3-01