PT-2026-22914 · Unknown · Alerted Nodes Dashboard

Published 2026-03-04 · Updated 2026-03-05 · CVE-2025-40894

CVSS v3.1

5.4 Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Alerted Nodes Dashboard (affected versions not specified)

Description

A stored HTML injection issue exists due to inadequate validation of an input parameter within the Alerted Nodes Dashboard functionality. A malicious, authenticated user possessing the necessary privileges can modify a node label to inject HTML tags. If the Alerted Nodes Dashboard is enabled and alerts are generated for the compromised node, the injected HTML may be displayed in a victim user's browser, potentially leading to phishing or open redirect attacks. Existing input validation and Content Security Policy configurations prevent full cross-site scripting (XSS) exploitation and direct information disclosure. The vulnerable parameter is the node label.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
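
The weakness described above is a stored label rendered as markup. The following added example (not the product's code) shows output encoding of a node label beside the unencoded form, plus an audit pass that flags stored labels containing markup for review. Function names, the data shape and the row markup are assumptions, and the sample nodes are constructed.

```javascript
// Added example: names, data shape and markup are assumptions, not product code.

// Characters that let text break out of an HTML text node or attribute value.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the stored label is concatenated into markup as-is, so tags render.
function renderAlertRowUnsafe(alert) {
  return `<tr><td class="node">${alert.nodeLabel}</td><td>${alert.count}</td></tr>`;
}

// "After": the label is encoded at output time and is displayed as plain text.
function renderAlertRowSafe(alert) {
  return `<tr><td class="node">${escapeHtml(alert.nodeLabel)}</td><td>${Number(alert.count)}</td></tr>`;
}

// Audit helper: true when a label contains the start of a tag or a
// character reference, i.e. content that only matters to an HTML parser.
function labelLooksLikeMarkup(label) {
  return /<\s*\/?\s*[a-zA-Z!]|&(#\d+|#x[0-9a-f]+|[a-z]+);/i.test(String(label));
}

// Return the ids of nodes whose stored label should be reviewed.
function auditNodeLabels(nodes) {
  return nodes.filter((n) => labelLooksLikeMarkup(n.label)).map((n) => n.id);
}

// Constructed sample data (not taken from any real deployment).
const sampleNodes = [
  { id: "n1", label: "PLC-Line-3" },
  { id: "n2", label: 'HMI <a href="https://example.invalid/">details</a>' },
  { id: "n3", label: "Pump A & B" },
];

console.log("labels to review:", auditNodeLabels(sampleNodes));
console.log(renderAlertRowSafe({ nodeLabel: sampleNodes[1].label, count: 2 }));
```

Encoding at output time also neutralizes labels already stored, whereas input validation alone only affects labels saved after it is introduced.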

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-40894

Affected Products

Alerted Nodes Dashboard