CVE-2022-39822

In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation...

CVE-2022-41762

An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl...

PT-2023-13732 · Nokia · Nokia Nfm-T

Name of the Vulnerable Software and Affected Versions: NOKIA NFM-T version R19.9 Description: A SQL Injection issue occurs in the /cgi-bin/R19.9/easy1350.pl endpoint of the VM Manager WebUI, specifically via the id or host HTTP GET parameters. This issue requires an authenticated attacker for...

CVE-2022-41762

An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl...

CVE-2022-41762

Nokia NFM-T R19.9 is affected by multiple reflected XSS vulnerabilities in the Network Element Manager. The issue arises through user-supplied input to log.pl, top.pl (bench/pid), and easy1350.pl (id). Root cause is reflected XSS in these scripts. Impact is web-context scripting upon successful e...