Vulnerabilities

CVE-2025-40895 - HTML injection in Sensor Map in CMC before 25.6.0

2026-03-04 0 views admin

CVE ID : CVE-2025-40895 Published : March 4, 2026, 2:16 p.m. | 17 minutes ago Description : A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. A malicious authenticated user with administrator privileges on a Guardian connected to a CMC can edit the Guardian's properties to inject HTML tags. If the Sensor Map functionality is enabled in the CMC, when a victim CMC user interacts with it, then the injected HTML may render in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration. Severity: 4.8 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-40895

Severity

MEDIUM

Published

March 4, 2026

Impact: XSS

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-40895medium

CVE-2025-40895 - HTML injection in Sensor Map in CMC before 25.6.0

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-21421 - Dell PowerScale OneFS Privilege Escalation Vulnerability

CVE-2026-21422 - Dell PowerScale OneFS External Control of System Setting Vulnerability

CVE-2026-21426 - Dell PowerScale OneFS Privilege Escalation Vulnerability

CVE-2026-21424 - Dell PowerScale OneFS Privilege Escalation Vulnerability

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting