Lucene search
+L

5 matches found

prion
prion
added 2023/07/24 2:15 p.m.21 views

Design/Logic Flaw

An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value...

6.5CVSS8.6AI score0.0096EPSS
Exploits1References2Affected Software1
prion
prion
added 2023/07/24 2:15 p.m.18 views

Design/Logic Flaw

An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious...

4.9CVSS5.5AI score0.00392EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2023/07/24 12:0 a.m.35 views

CVE-2022-28863

An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value...

8.8AI score0.0096EPSS
Exploits1References2
cvelist
cvelist
added 2023/07/24 12:0 a.m.41 views

CVE-2022-28865

An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious...

5.7AI score0.00392EPSS
Exploits1References2
cve
cve
added 2023/07/24 12:0 a.m.64 views

CVE-2022-30280

Nokia NetAct 22 exposes a CSRF vulnerability at /SecurityManagement/html/createuser.jsf that lets remote attackers create users with arbitrary, including administrative, privileges. The app does not verify CSRF tokens, enabling exploitation via social engineering; impact ranges from unauthorized ...

8.8CVSS8.6AI score0.00381EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder