CVE-2025-40890

Name of the Vulnerable Software and Affected Versions Dashboards (affected versions not specified)

Description A Stored Cross-Site Scripting issue exists in the Dashboards functionality because of inadequate validation of an input parameter. An authenticated, low-privilege user can create a malicious dashboard with a JavaScript payload and share it with other users, or a user can be tricked into importing a malicious dashboard template. When a user views or imports the dashboard, the JavaScript executes in their browser, potentially allowing an attacker to perform unauthorized actions as the user, including modifying application data, disrupting application availability, and accessing limited sensitive information. The attack involves crafting a malicious dashboard containing a JavaScript payload.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.