4 matches found
CVE-2022-39813
Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/jsecuritycheck via the jusername parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The...
CVE-2022-39812
Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request not possible using the GUI to an arbitrary directory. Because th...
Italtel NetMatch-S CI 跨站脚本漏洞
Italtel NetMatch-S CI is Italtel's first "In-Cloud" SBC designed for deployment in data center/cloud environments in accordance with emerging IT practices and telecom specifications NFV. A security vulnerability exists in Italtel NetMatch-S CI version 5.2.0-20211008, which stems from the presence...
CVE-2022-39812
Italtel NetMatch-S CI 5.2.0-20211008 is affected by an Absolute Path Traversal vulnerability in NMSCI-WebGui/SaveFileUploader. An unauthenticated attacker can upload files to an arbitrary path by changing the uploadDir parameter in a POST request (GUI cannot do this), potentially leading to unaut...