This vulnerability involves improper neutralization of input during web page generation (CWE-79) in the Time Machine Snapshot Diff functionality of Nozomi Networks Guardian. It allows an unauthenticated attacker to perform stored HTML injection by sending specially crafted network packets at two distinct times, resulting in injected HTML tags within asset attributes across snapshots. When a user views these snapshots and interacts with the GUI in a specific manner, the injected HTML is rendered in their browser. Although this can facilitate phishing and open redirect attacks, full cross-site scripting exploitation is mitigated by existing input validation and Content Security Policy. The attack requires high complexity due to the need for multiple conditions to be met. The CVSS 4.0 base score is 2.3, indicating low severity. There is no vendor advisory or patch information available at this time.

The vulnerability allows injection of HTML content into the web interface, which can be rendered in a victim's browser under specific conditions, potentially enabling phishing and open redirect attacks. However, full XSS exploitation is prevented by input validation and Content Security Policy. The attack requires an unauthenticated attacker to send crafted packets twice and a victim to perform specific GUI actions, making exploitation complex. There are no known exploits in the wild. The overall impact is low severity as reflected by the CVSS score of 2.3.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should be cautious when using the Time Machine Snapshot Diff feature, especially when viewing snapshots that may have been manipulated. Given the high attack complexity and existing input validation and Content Security Policy, no urgent mitigation actions are indicated by the available data.