PT-2025-52220 · Redports · Redports

Stefano Libero · Published 2025-12-18 · Updated 2025-12-18 · CVE-2025-40892

CVSS v3.1: 8.9 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions: (affected versions not specified)

Description: A Stored Cross-Site Scripting issue exists in the Reports functionality because of inadequate input validation. An authenticated user possessing report privileges can create a malicious report containing a JavaScript payload, or a victim can be tricked into importing a malicious report template. When a victim views or imports the report, the XSS executes within their browser, potentially enabling an attacker to perform unauthorized actions as the victim, including modifying application data, disrupting application availability, and accessing limited sensitive information. The vulnerability involves improper validation of an input parameter.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-40892

Affected Products: Redports