Stefano Libero

**Name of the Vulnerable Software and Affected Versions** Asset List (affected versions not specified) **Description** A Stored HTML Injection issue exists in the Asset List functionality because of inadequate validation of network traffic data. An unauthenticated attacker can send crafted network packets to inject HTML tags into asset attributes. When a victim views the affected assets in the Asset List and similar functions, the injected HTML renders in their browser, potentially enabling phishing and open redirect attacks. Existing input validation and Content Security Policy configurations prevent full Cross-Site Scripting (XSS) exploitation and direct information disclosure. The vulnerability involves improper validation of network traffic data, allowing for the injection of HTML tags. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** (affected versions not specified) **Description** A Stored Cross-Site Scripting issue exists in the Reports functionality because of inadequate input validation. An authenticated user possessing report privileges can create a malicious report containing a JavaScript payload, or a victim can be tricked into importing a malicious report template. When a victim views or imports the report, the XSS executes within their browser, potentially enabling an attacker to perform unauthorized actions as the victim, including modifying application data, disrupting application availability, and accessing limited sensitive information. The vulnerability involves improper validation of an input parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Time Machine (affected versions not specified) **Description** A Stored HTML Injection issue exists in the Time Machine Snapshot Diff functionality because of inadequate validation of network traffic data. An attacker who does not need to be authenticated can send crafted network packets at specific times to inject HTML tags into asset attributes across two snapshots. To successfully exploit this, a user must utilize the Time Machine Snapshot Diff feature on the targeted snapshots and perform specific GUI actions, which will then render the injected HTML in their browser. This can lead to phishing and open redirect attacks. While full Cross-Site Scripting (XSS) exploitation is prevented by input validation and Content Security Policy, the injected HTML can still pose a risk. The complexity of exploitation is high due to the multiple conditions that must be met. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2025-3718 **Description** A client-side path traversal issue exists in the web management interface front-end because of inadequate input validation. An authenticated user with limited privileges can create a malicious URL. Visiting this URL by an authenticated victim can result in a Cross-Site Scripting (XSS) attack. The vulnerability involves a missing validation of an input parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Guardian/CMC (affected versions not specified) **Description** An access control issue was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make limited changes to the reporting configuration, resulting in a partial loss of data integrity. In instances with a reporting configuration, there could be limited Denial of Service (DoS) impacts, as reports may not reach their intended destination, and limited information disclosure impacts. Modifying the destination SMTP server for the reports could lead to the compromise of external credentials, expanding the scope of the attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nozomi Guardian and Nozomi Central Management Console (CMC) (affected versions not specified) **Description** The issue is related to the SAML (Security Assertion Markup Language) technology, where an authenticated administrator can upload a SAML configuration file with the wrong format. The application does not check the correct file format, leading to every subsequent application request returning an error. This renders the whole application unusable until a console intervention is made. The vulnerability is associated with insufficient input validation when uploading configuration files, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nozomi Networks Guardian and CMC (affected versions not specified) **Description** A blind SQL Injection vulnerability, due to improper input validation in the `alerts count` component, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Software (affected versions not specified) **Description** An access control issue was found due to restrictions not being enforced in the debug functionality. This allows an authenticated user with reduced visibility to obtain unauthorized information via the debug functionality, accessing data that would normally be inaccessible in the Query and Assertions functions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nozomi Guardian and Nozomi Central Management Console (CMC) (affected versions not specified) **Description** A partial Denial of Service (DoS) issue has been identified in the Reports section. This issue can be exploited by a malicious authenticated user who forces a report to be saved with its name set as null, specifically by setting the `name` variable to null. The exploitation of this issue may cause the reports section to be partially unavailable for subsequent attempts to use it, with the report list appearing to be stuck on loading. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nozomi Networks Guardian and CMC (affected versions not specified) **Description** A blind SQL Injection issue exists due to improper input validation in the `sorting parameter`, allowing an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. This enables authenticated users to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nozomi Networks Guardian and CMC (affected versions not specified) **Description** The issue is caused by improper input validation in the Alerts controller, allowing an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. This enables the attacker to manipulate the database, potentially leading to unauthorized data access or modification. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nozomi Guardian and Nozomi Central Management Console (CMC) (affected versions not specified) **Description** An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, which will be stored and can later be executed by another legitimate user viewing the details of such a rule. This allows an attacker to perform unauthorized actions on behalf of legitimate users and/or gather sensitive information. JavaScript injection is possible in the contents for Yara rules, while limited HTML injection has been proven for packet and STYX rules. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.