CVE-2025-40903

Name of the Vulnerable Software and Affected Versions The product name cannot be determined (affected versions not specified)

Description A stored HTML injection issue exists in the Schedule Restore Archive functionality caused by improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious restore schedule containing HTML tags. When viewed by another user, the injected HTML renders in the browser, which may facilitate phishing and open redirect attacks. Existing input validation and Content Security Policy (CSP)—a security layer that helps detect and mitigate certain types of attacks, including XSS—prevent full cross-site scripting (XSS) exploitation and direct information disclosure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.