CVE-2025-40893

Name of the Vulnerable Software and Affected Versions Asset List (affected versions not specified)

Description A Stored HTML Injection issue exists in the Asset List functionality because of inadequate validation of network traffic data. An unauthenticated attacker can send crafted network packets to inject HTML tags into asset attributes. When a victim views the affected assets in the Asset List and similar functions, the injected HTML renders in their browser, potentially enabling phishing and open redirect attacks. Existing input validation and Content Security Policy configurations prevent full Cross-Site Scripting (XSS) exploitation and direct information disclosure. The vulnerability involves improper validation of network traffic data, allowing for the injection of HTML tags.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.