12 matches found
CVE-2022-28863
CVE-2022-28863 affects Nokia NetAct version 22. The issue allows a remote, authenticated user to upload potentially dangerous files via the /netact/sct parameter with operation=upload in the Site Configuration Tool, without restrictions. The cited documents describe the vulnerable component as th...
CVE-2022-28867
CVE-2022-28867 affects Nokia NetAct 22 in the Administration of Measurements web UI. A malicious user can edit or add the templateName parameter to inject JavaScript, which is then stored and executed in the victim’s browser. Endpoints involved: /aom/html/EditTemplate.jsf and /aom/html/ViewAllTem...
CVE-2022-30280
Nokia NetAct 22 exposes a CSRF vulnerability at /SecurityManagement/html/createuser.jsf that lets remote attackers create users with arbitrary, including administrative, privileges. The app does not verify CSRF tokens, enabling exploitation via social engineering; impact ranges from unauthorized ...
CVE-2022-28864
CVE-2022-28864 affects Nokia NetAct 22, specifically the Administration of Measurements web interface. A malicious user can modify the templateName parameter via the endpoints “/aom/html/EditTemplate.jsf” and “/aom/html/ViewAllTemplatesPage.jsf” to inject code, which can be downloaded as a .csv o...
CVE-2023-26059
Summary of CVE-2023-26059 (Nokia NetAct) An issue exists in Nokia NetAct before 22 SP1037 related to the Site Configuration Tool, where the upload option for ZIP files does not validate contents. When processed, this enables a Stored XSS vulnerability within the tool. The affected environment is ...
CVE-2021-26597
CVE-2021-26597 affects Nokia NetAct 18A. A remote user authenticated to the NetAct Web Page can upload arbitrary files via the Site Configuration Tool’s /netact/sct parameter with operation=upload, enabling potentially dangerous file uploads. According to NVD, CVSS v3.1 base score 6.5 (PR:L, I:H)...
CVE-2022-28865
CVE-2022-28865 affects Nokia NetAct 22 via the Site Configuration Tool. A malicious user can rename an uploaded file with a JavaScript payload, which is stored and later executed by a victim’s browser. The common delivery method is placing the payload in a URL parameter exposed to victims, using ...
CVE-2021-26596
The CVE-2021-26596 entry concerns Nokia NetAct 18A. A vulnerability exists where a malicious user can change the filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim’s web browser. The attack is typically delivered by placing the malicious content...
CVE-2023-26058
CVE-2023-26058 – Nokia NetAct XXE : Multiple sources confirm an XML External Entity vulnerability in Nokia NetAct prior to 22 FP2211, exploitable via an XML document to a Performance Manager page. The root cause is missing input validation and improper XML parser configuration. Impact is describe...
CVE-2023-26060
CVE-2023-26060 affects Nokia NetAct prior to 22 FP2211. The issue is a lack of input validation when creating a Working Set on the Working Set Manager page, allowing a client-side template injection payload in the set name. Exploitation is realistically limited to internal users due to required d...
CVE-2023-26057
The CVE-2023-26057 entry describes an XXE flaw in Nokia NetAct before 22 FP2211, exploitable via an XML document to the Configuration Dashboard page. Root cause: missing input validation and a misconfigured XML parser, potentially allowing access to sensitive data or SSRF when parsing XML. Impact...
CVE-2023-26061
Nokia NetAct