Lucene search
K

121 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:42 p.m.12 views

CVE-2022-28864

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...

8.8CVSS6.8AI score0.00859EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:40 p.m.4 views

CVE-2021-26596

An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that...

5.4CVSS6.1AI score0.00737EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:39 p.m.7 views

CVE-2021-26597

An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the...

6.5CVSS6.4AI score0.01437EPSS
Exploits1References1
OSV
OSV
added 2023/07/24 2:15 p.m.5 views

CVE-2022-28865

An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious...

5.4CVSS5.8AI score0.00389EPSS
Exploits1References2
OSV
OSV
added 2023/07/24 2:15 p.m.5 views

CVE-2022-30280

/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application even if it implements a CSRF token for the random GET request does not ever verify a CSRF token. With a litt...

8.8CVSS5.9AI score0.00381EPSS
Exploits1References2
NVD
NVD
added 2023/07/24 2:15 p.m.19 views

CVE-2022-28867

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for...

5.4CVSS5.5AI score0.00389EPSS
Exploits1References2
OSV
OSV
added 2023/07/24 2:15 p.m.5 views

CVE-2022-28864

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...

8.8CVSS5.8AI score0.00859EPSS
Exploits1References2
OSV
OSV
added 2023/07/24 2:15 p.m.4 views

CVE-2022-28863

An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value...

8.8CVSS5.7AI score0.00952EPSS
Exploits1References2
NVD
NVD
added 2023/07/24 2:15 p.m.20 views

CVE-2022-28864

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...

8.8CVSS8.6AI score0.00859EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/07/24 2:15 p.m.2 views

CVE-2022-28864

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...

8.8CVSS7.2AI score0.00859EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/07/24 2:15 p.m.5 views

CVE-2022-28863

An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value...

8.8CVSS7.1AI score0.00952EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/07/24 2:15 p.m.4 views

CVE-2022-28867

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for...

5.4CVSS6.1AI score0.00389EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2023/07/24 2:15 p.m.4 views

CVE-2022-28865

An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious...

5.4CVSS6.1AI score0.00389EPSS
Exploits1References3
NVD
NVD
added 2023/07/24 2:15 p.m.27 views

CVE-2022-28863

An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value...

8.8CVSS8.7AI score0.00952EPSS
Exploits1References2
NVD
NVD
added 2023/07/24 2:15 p.m.28 views

CVE-2022-28865

An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious...

5.4CVSS5.5AI score0.00389EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/07/24 2:15 p.m.5 views

CVE-2022-30280

/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application even if it implements a CSRF token for the random GET request does not ever verify a CSRF token. With a litt...

8.8CVSS7.4AI score0.00381EPSS
Exploits1References3
OSV
OSV
added 2023/07/24 2:15 p.m.6 views

CVE-2022-28867

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for...

5.4CVSS5.8AI score0.00389EPSS
Exploits1References2
NVD
NVD
added 2023/07/24 2:15 p.m.18 views

CVE-2022-30280

/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application even if it implements a CSRF token for the random GET request does not ever verify a CSRF token. With a litt...

8.8CVSS8.7AI score0.00381EPSS
Exploits1References2
Prion
Prion
added 2023/07/24 2:15 p.m.16 views

Hardcoded credentials

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...

6.5CVSS8.5AI score0.00859EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/07/24 2:15 p.m.21 views

Design/Logic Flaw

An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value...

6.5CVSS8.6AI score0.00952EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder