`Document Title:
==============
Nokia Solutions and Networks @vantage - Multiple Reflected XSS
Release Date:
============
9 Sep 2015
Abstract Advisory Information:
=============================
Ugur Cihan Koc discovered twenty-seven reflected XSS
vulnerabilities in Nokia NSN @vantage.
Vulnerability Disclosure Timeline:
=================================
24 July 2015 Bug reported to the vendor.
28 July 2015 Asked about the case.
8 Sep 2015 End of support for this product, reported by the vendor
Discovery Status:
================
Published
Affected Product(s):
===================
Nokia NSN @vantage
Exploitation Technique:
======================
Local, Authenticated
Severity Level:
==============
Medium
Technical Details & Description:
===============================
Affected Path/Parameter [27]:
/cftraces/filter/fl_copy.jsp
  idFilter
  nameFilter
/cftraces/filter/fl_crea1.jsp
  flName
/cftraces/process/pr_show_process.jsp
  serchStatus
  refreshTime
  serchNode
/cftraces/session/se_crea.jsp
  MaxActivationTime
  NumberOfBytes
  NumberOfTracefiles
  SessionName
  serchSessionkind
/cftraces/session/se_show.jsp
  serchSessionDescription
/cftraces/session/tr_crea_filter.jsp
  serchApplication
  serchApplicationkind
/cftraces/session/tr_create_tagg_para.jsp
  columKeyUnique
  columParameter
  componentName
  criteria1
  criteria2
  criteria3
  description
  filter
  id
  pathName
  tableName
  component
/home/certificate_association.jsp
  userid
Proof of Concept (PoC):
======================
Proof of Concept
https://drive.google.com/open?id=0B-LWHbwdK3P9eTNKRkdDWGpkN2M
Solution Fix & Patch:
====================
There is no fix for the issue. [End of Support]
Security Risk:
=============
The risk of the vulnerabilities above is estimated as medium.
Credits & Authors:
=================
Ugur Cihan Koc(@_uceka_)
Blog: www.uceka.com
`
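Because the advisory reports no fix and end of support, one compensating control is to review web access logs for markup characters arriving in the listed parameters. The following is an added example, not part of the original advisory or of any vendor code; it assumes Apache-style combined access logs and parameters sent in the query string, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Path -> parameters, copied from the advisory's "Affected Path/Parameter" list.
AFFECTED = {
    "/cftraces/filter/fl_copy.jsp": {"idFilter", "nameFilter"},
    "/cftraces/filter/fl_crea1.jsp": {"flName"},
    "/cftraces/process/pr_show_process.jsp": {"serchStatus", "refreshTime", "serchNode"},
    "/cftraces/session/se_crea.jsp": {"MaxActivationTime", "NumberOfBytes",
                                      "NumberOfTracefiles", "SessionName", "serchSessionkind"},
    "/cftraces/session/se_show.jsp": {"serchSessionDescription"},
    "/cftraces/session/tr_crea_filter.jsp": {"serchApplication", "serchApplicationkind"},
    "/cftraces/session/tr_create_tagg_para.jsp": {
        "columKeyUnique", "columParameter", "componentName", "criteria1", "criteria2",
        "criteria3", "description", "filter", "id", "pathName", "tableName", "component"},
    "/home/certificate_association.jsp": {"userid"},
}
# Characters that let a reflected value leave HTML text or an attribute.
# A hit means "review this request", not proof of an attack.
MARKUP = re.compile(r"[<>\"'`]")
# Request line as it appears in a combined-format log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return listed parameters in `target` whose URL-decoded value contains markup."""
    url = urlsplit(target)
    names = AFFECTED.get(url.path, set())
    return [name for name, value in parse_qsl(url.query, keep_blank_values=True)
            if name in names and MARKUP.search(value)]

def scan(lines):
    """Return (line_number, path, [parameter names]) for each log line to review."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            findings.append((number, urlsplit(match.group(1)).path, hits))
    return findings

# Constructed sample lines (documentation IPs; /example/other.jsp is a made-up path).
SAMPLE_LOG = [
    '192.0.2.5 - op [09/Sep/2015:10:00:00 +0000] "GET /cftraces/session/se_show.jsp?serchSessionDescription=nightly HTTP/1.1" 200 512',
    '192.0.2.7 - op [09/Sep/2015:10:01:00 +0000] "GET /cftraces/session/se_show.jsp?serchSessionDescription=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 530',
    '192.0.2.7 - op [09/Sep/2015:10:02:00 +0000] "GET /example/other.jsp?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Parameters submitted in a POST body do not appear in access logs, so covering them requires the same check at a reverse proxy or WAF that can see the body.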