Lucene search
K

121 matches found

BDU FSTEC
BDU FSTEC
added 2023/03/20 12:0 a.m.6 views

The vulnerability of the Site Configuration Tool tool in the NetAct network management system allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the Site Configuration Tool in the NetAct network management system is related to insufficient protection of the web page structure during file loading. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

6.8CVSS5.6AI score0.00371EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/03/20 12:0 a.m.6 views

The vulnerability of the Alarm Reports Dashboard, a component of the NetAct network management system, allows a violator to perform cross-site scenario attacks.

The vulnerability of the Alarm Reports Dashboard of the NetAct network management system is related to insufficient protection of the website structure during task creation. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

6.8CVSS5.6AI score0.00371EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/10 12:0 a.m.6 views

PT-2022-6442 · Nokia · Netact

Name of the Vulnerable Software and Affected Versions: Nokia NetAct versions prior to 22 FP2211 Description: The issue is related to the lack of input validation when creating a working set in the NetAct system, allowing an attacker to inject a client-side template payload. This can lead to the...

8.8CVSS7.2AI score0.0059EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/10/10 12:0 a.m.5 views

PT-2022-6445 · Nokia · Nokia Netact

Name of the Vulnerable Software and Affected Versions: Nokia NetAct versions prior to 22 FP2211 Description: An XXE issue was discovered via an XML document to the Configuration Dashboard page, where input validation and a proper XML parser configuration are missing. This makes it difficult for a...

6.8CVSS6.4AI score0.00486EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/10/10 12:0 a.m.16 views

PT-2022-04: Cross Site Template Injection (CSTI)

Input validation was missing while creating the working set, in working set manager application. Nokia NetAct users can create a Working Set with a name that injects a client-side template Injection payloads. The attack can only be performed by an internal user. The vulnerability is fixed in NetA...

8.8CVSS7.7AI score0.0059EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/10/10 12:0 a.m.5 views

PT-2022-6441 · Nokia · Nokia Netact

Name of the Vulnerable Software and Affected Versions: Nokia NetAct versions prior to 22 FP2211 Description: The issue is related to insufficient protection of the web page structure when creating tasks. It allows an attacker to perform cross-site scripting XSS attacks by injecting scripts. The...

6.8CVSS5.4AI score0.00371EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/10/10 12:0 a.m.9 views

PT-2022-6443 · Nokia · Nokia Netact

Name of the Vulnerable Software and Affected Versions: Nokia NetAct versions prior to 22 SP1037 Description: An issue was discovered in the Site Configuration Tool tab of Nokia NetAct, where attackers can upload a ZIP file that, when processed, exploits Stored XSS. The upload option of the Site...

6.8CVSS7AI score0.00371EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/10/10 12:0 a.m.6 views

PT-2022-6444 · Nokia · Nokia Netact

Name of the Vulnerable Software and Affected Versions: Nokia NetAct versions prior to 22 FP2211 Description: An XXE issue was discovered in Nokia NetAct via an XML document to a Performance Manager page, where input validation and a proper XML parser configuration are missing. This could allow an...

6.8CVSS6.5AI score0.00486EPSS
Exploits0References6
CNVD
CNVD
added 2021/03/29 12:0 a.m.4 views

Nokia NetAct 18A Filename Change Code Execution Vulnerability

Nokia NetAct 18A is an application system from NOKIA, Finland. It provides best-in-class applications for seamless day-to-day network operations, including configuration management, monitoring and software management. A security vulnerability exists in Nokia NetAct 18A that allows an attacker to...

5.4CVSS6.8AI score0.00737EPSS
Exploits1References1
NVD
NVD
added 2021/03/25 7:15 p.m.13 views

CVE-2021-26597

An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the...

6.5CVSS0.01437EPSS
Exploits1References2
NVD
NVD
added 2021/03/25 7:15 p.m.26 views

CVE-2021-26596

An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that...

5.4CVSS0.00737EPSS
Exploits1References2
OSV
OSV
added 2021/03/25 7:15 p.m.4 views

CVE-2021-26596

An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that...

5.4CVSS5.8AI score0.00737EPSS
Exploits1References2
OSV
OSV
added 2021/03/25 7:15 p.m.3 views

CVE-2021-26597

An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the...

6.5CVSS5.5AI score0.01437EPSS
Exploits1References2
Prion
Prion
added 2021/03/25 7:15 p.m.17 views

Code injection

An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that...

3.5CVSS5.5AI score0.00737EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/03/25 7:15 p.m.12 views

Code injection

An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the...

4CVSS6.5AI score0.01437EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/03/25 6:56 p.m.27 views

CVE-2021-26596

An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that...

5.7AI score0.00737EPSS
Exploits1References2
CVE
CVE
added 2021/03/25 6:56 p.m.51 views

CVE-2021-26596

The CVE-2021-26596 entry concerns Nokia NetAct 18A. A vulnerability exists where a malicious user can change the filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim’s web browser. The attack is typically delivered by placing the malicious content...

5.4CVSS5.4AI score0.00737EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/03/25 6:56 p.m.18 views

CVE-2021-26597

An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the...

6.7AI score0.01437EPSS
Exploits1References2
CVE
CVE
added 2021/03/25 6:56 p.m.50 views

CVE-2021-26597

CVE-2021-26597 affects Nokia NetAct 18A. A remote user authenticated to the NetAct Web Page can upload arbitrary files via the Site Configuration Tool’s /netact/sct parameter with operation=upload, enabling potentially dangerous file uploads. According to NVD, CVSS v3.1 base score 6.5 (PR:L, I:H)...

6.5CVSS6.4AI score0.01437EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/03/25 12:0 a.m.3 views

NOKIA NetAct 18A 跨站脚本漏洞

Nokia NetAct 18A is an application system from NOKIA, Finland. It provides best-in-class applications for seamless day-to-day network operations, including configuration management, monitoring and software management. A security vulnerability exists in Nokia NetAct 18A that allows an attacker to...

5.4CVSS5.6AI score0.00737EPSS
Exploits1References4
Rows per page
Query Builder