121 matches found
The vulnerability of the Site Configuration Tool tool in the NetAct network management system allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the Site Configuration Tool in the NetAct network management system is related to insufficient protection of the web page structure during file loading. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
The vulnerability of the Alarm Reports Dashboard, a component of the NetAct network management system, allows a violator to perform cross-site scenario attacks.
The vulnerability of the Alarm Reports Dashboard of the NetAct network management system is related to insufficient protection of the website structure during task creation. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
PT-2022-6442 · Nokia · Netact
Name of the Vulnerable Software and Affected Versions: Nokia NetAct versions prior to 22 FP2211 Description: The issue is related to the lack of input validation when creating a working set in the NetAct system, allowing an attacker to inject a client-side template payload. This can lead to the...
PT-2022-6445 · Nokia · Nokia Netact
Name of the Vulnerable Software and Affected Versions: Nokia NetAct versions prior to 22 FP2211 Description: An XXE issue was discovered via an XML document to the Configuration Dashboard page, where input validation and a proper XML parser configuration are missing. This makes it difficult for a...
PT-2022-04: Cross Site Template Injection (CSTI)
Input validation was missing while creating the working set, in working set manager application. Nokia NetAct users can create a Working Set with a name that injects a client-side template Injection payloads. The attack can only be performed by an internal user. The vulnerability is fixed in NetA...
PT-2022-6441 · Nokia · Nokia Netact
Name of the Vulnerable Software and Affected Versions: Nokia NetAct versions prior to 22 FP2211 Description: The issue is related to insufficient protection of the web page structure when creating tasks. It allows an attacker to perform cross-site scripting XSS attacks by injecting scripts. The...
PT-2022-6443 · Nokia · Nokia Netact
Name of the Vulnerable Software and Affected Versions: Nokia NetAct versions prior to 22 SP1037 Description: An issue was discovered in the Site Configuration Tool tab of Nokia NetAct, where attackers can upload a ZIP file that, when processed, exploits Stored XSS. The upload option of the Site...
PT-2022-6444 · Nokia · Nokia Netact
Name of the Vulnerable Software and Affected Versions: Nokia NetAct versions prior to 22 FP2211 Description: An XXE issue was discovered in Nokia NetAct via an XML document to a Performance Manager page, where input validation and a proper XML parser configuration are missing. This could allow an...
Nokia NetAct 18A Filename Change Code Execution Vulnerability
Nokia NetAct 18A is an application system from NOKIA, Finland. It provides best-in-class applications for seamless day-to-day network operations, including configuration management, monitoring and software management. A security vulnerability exists in Nokia NetAct 18A that allows an attacker to...
CVE-2021-26597
An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the...
CVE-2021-26596
An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that...
CVE-2021-26596
An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that...
CVE-2021-26597
An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the...
Code injection
An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that...
Code injection
An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the...
CVE-2021-26596
An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that...
CVE-2021-26596
The CVE-2021-26596 entry concerns Nokia NetAct 18A. A vulnerability exists where a malicious user can change the filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim’s web browser. The attack is typically delivered by placing the malicious content...
CVE-2021-26597
An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the...
CVE-2021-26597
CVE-2021-26597 affects Nokia NetAct 18A. A remote user authenticated to the NetAct Web Page can upload arbitrary files via the Site Configuration Tool’s /netact/sct parameter with operation=upload, enabling potentially dangerous file uploads. According to NVD, CVSS v3.1 base score 6.5 (PR:L, I:H)...
NOKIA NetAct 18A 跨站脚本漏洞
Nokia NetAct 18A is an application system from NOKIA, Finland. It provides best-in-class applications for seamless day-to-day network operations, including configuration management, monitoring and software management. A security vulnerability exists in Nokia NetAct 18A that allows an attacker to...