121 matches found
CVE-2023-26059
An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zon...
CVE-2023-26059
An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zon...
CVE-2023-26061
An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this,...
CVE-2023-26060
An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult t...
CVE-2023-26060
An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult t...
Input validation
An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult t...
CVE-2023-26059
An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zon...
CVE-2023-26060
An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult t...
CVE-2023-26060
An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult t...
Nokia NetAct 跨站脚本漏洞
Nokia NetAct is a network management system from Nokia of Finland. A security vulnerability exists in versions prior to Nokia NetAct 22 FP2211, which stems from a lack of input validation during the creation of scheduled tasks...
Nokia NetAct 代码注入漏洞
Nokia NetAct is a network management system from Nokia of Finland. A security vulnerability exists in Nokia NetAct versions prior to 22 FP2211, which stems from a lack of input validation during the creation of a working set...
Nokia NetAct 跨站脚本漏洞
Nokia NetAct is a network management system from the Finnish company Nokia. A security vulnerability exists in Nokia NetAct versions prior to 22 SP1037, which stems from the configuration tool's upload option not validating file contents. An attacker could exploit the vulnerability to perform...
CVE-2023-26059
An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zon...
CVE-2023-26061
Nokia NetAct
CVE-2023-26061
An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this,...
CVE-2023-26060
CVE-2023-26060 affects Nokia NetAct prior to 22 FP2211. The issue is a lack of input validation when creating a Working Set on the Working Set Manager page, allowing a client-side template injection payload in the set name. Exploitation is realistically limited to internal users due to required d...
CVE-2023-26059
Summary of CVE-2023-26059 (Nokia NetAct) An issue exists in Nokia NetAct before 22 SP1037 related to the Site Configuration Tool, where the upload option for ZIP files does not validate contents. When processed, this enables a Stored XSS vulnerability within the tool. The affected environment is ...
The vulnerability of the Site Configuration Tool tool in the NetAct network management system allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the Site Configuration Tool in the NetAct network management system is related to insufficient protection of the web page structure during file loading. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
The vulnerability of the NetAct network management system lies in the improper restriction of XML links to external objects. This allows attackers to gain unauthorized access to protected information or perform SSRF attacks.
The vulnerability of the NetAct network management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information or perform an SSRF attack...
The vulnerability of the Alarm Reports Dashboard, a component of the NetAct network management system, allows a violator to perform cross-site scenario attacks.
The vulnerability of the Alarm Reports Dashboard of the NetAct network management system is related to insufficient protection of the website structure during task creation. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...