CVE-2023-22843: 
NixOS vulnerability analysis and mitigation

An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and can later be executed by another legitimate user viewing the details of such a rule. The vulnerability (CVE-2023-22843) was discovered in Nozomi Networks Guardian and CMC products versions prior to V22.6.2, and was disclosed on August 9, 2023 (Nozomi Advisory).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79: Improper Neutralization of Input During Web Page Generation). The issue allows JavaScript injection in the contents for Yara rules, while limited HTML injection has been proven for packet and STYX rules. The vulnerability has received a CVSS v4.0 base score of 7.3 (High) and a CVSS v3.1 base score of 6.4 (Medium) (Nozomi Advisory).

Via stored Cross-Site Scripting (XSS), an attacker may be able to perform unauthorized actions on behalf of legitimate users and/or gather sensitive information. The injected code will be executed in the context of the authenticated victim's session (CISA Advisory).

The primary mitigation is to upgrade to version 22.6.2 or later. As a workaround, organizations can use internal firewall features to limit access to the web management interface (Nozomi Advisory).