CVE-2025-40892 in Guardianinfo

Summary

by MITRE • 12/18/2025

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a malicious report template. When the victim views or imports the report, the XSS executes in their browser context, allowing the attacker to perform unauthorized actions as the victim, such as modifying application data, disrupting application availability, and accessing limited sensitive information.


Analysis

by VulDB Data Team • 01/06/2026

This stored cross-site scripting vulnerability exists within the reports functionality of the affected application, representing a critical security flaw that enables persistent malicious code execution. The vulnerability stems from inadequate input validation of a specific parameter within the report creation process, allowing attackers to inject malicious JavaScript payloads that persist in the system. The flaw specifically affects authenticated users who possess report privileges, creating a dangerous attack vector where malicious actors can craft harmful report templates containing embedded script code. According to the CWE framework, this represents a classic stored XSS vulnerability classified under CWE-79, which occurs when web applications fail to properly sanitize user-supplied data before storing and later rendering it in web pages without adequate output encoding.

The operational impact of this vulnerability extends beyond simple script execution, creating a comprehensive attack surface that can be exploited through multiple vectors. Attackers can leverage this weakness by either directly creating malicious report templates with embedded JavaScript payloads or by employing social engineering tactics to convince victims to import compromised report templates. When victims view or import these malicious reports, the stored JavaScript executes within their browser context, effectively hijacking their session and enabling a wide range of malicious activities. The attack surface encompasses data modification capabilities that allow unauthorized changes to application data, service disruption through availability attacks, and information disclosure of sensitive data that the victim has access to. This vulnerability directly aligns with ATT&CK technique T1566.001 for social engineering and T1059.007 for scripting, demonstrating how the vulnerability can be weaponized through both technical and social engineering approaches.

The security implications of this vulnerability are particularly severe due to its persistent nature and the elevated privileges required for exploitation. Unlike reflected XSS vulnerabilities that require specific user interactions, stored XSS attacks maintain their malicious payloads within the application's database or storage systems, ensuring repeated execution each time the compromised content is accessed. Authentication requirements do not adequately protect against this threat, as attackers can either use legitimate privileged accounts or manipulate the social engineering vector to compromise victim sessions. The vulnerability creates a persistent backdoor that can be exploited repeatedly, making it particularly dangerous for organizations with extensive report usage patterns. Security controls such as content security policies, proper input sanitization, and output encoding mechanisms should be implemented to prevent the storage and execution of malicious scripts, while also establishing proper access controls and user education programs to mitigate the social engineering component of the attack.
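The controls the analysis names (input validation, output encoding, CSP) applied to the report-template import path, as an added example that is not part of this advisory or of the vendor's code. The JSON template layout, field names and allowlist pattern are assumptions; the payload string is constructed for illustration.

```python
import html
import json
import re

# Constructed sample of an imported report template whose "name" field carries
# a script payload. The JSON keys are an assumption, not the real template schema.
IMPORTED_TEMPLATE = '{"name": "Weekly assets <script>alert(document.cookie)</script>", "columns": ["host", "vendor"]}'

# Allowlist for report and column names: the kind of input validation the
# advisory says is missing on one report parameter (pattern is an assumption).
NAME_PATTERN = re.compile(r"[A-Za-z0-9 _.\-]{1,80}")


def load_template(raw: str) -> dict:
    """Parse an imported template without any checks, as a naive importer would."""
    return json.loads(raw)


def template_is_valid(template: dict) -> bool:
    """Reject any name or column label outside the allowlist before it is stored."""
    fields = [template.get("name", "")] + list(template.get("columns", []))
    return all(isinstance(f, str) and NAME_PATTERN.fullmatch(f) for f in fields)


def render_vulnerable(template: dict) -> str:
    """Interpolates stored fields straight into HTML: the stored XSS pattern."""
    cols = "".join(f"<th>{c}</th>" for c in template["columns"])
    return f"<h2>{template['name']}</h2><table><tr>{cols}</tr></table>"


def esc(value: str) -> str:
    """HTML-encode a stored field for an HTML text or attribute context."""
    return html.escape(value, quote=True)


def render_hardened(template: dict) -> str:
    """Output-encodes every stored field so markup is displayed, not executed."""
    cols = "".join(f"<th>{esc(c)}</th>" for c in template["columns"])
    return f"<h2>{esc(template['name'])}</h2><table><tr>{cols}</tr></table>"


def csp_header() -> str:
    """Defence in depth: blocks inline script even if one encoding step is missed."""
    return "Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'"


if __name__ == "__main__":
    tpl = load_template(IMPORTED_TEMPLATE)
    print("valid on import:", template_is_valid(tpl))  # False: template rejected
    print("vulnerable:", render_vulnerable(tpl))        # payload survives as markup
    print("hardened:  ", render_hardened(tpl))          # payload is escaped text
    print(csp_header())
```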

Responsible: Nozomi

Reservation: 04/16/2025

Disclosure: 12/18/2025

Moderation: accepted

CPE: ready

EPSS: 0.00032

KEV: no

Activities: very low

Sources
