cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-28865,https://securityvulnerability.io/vulnerability/CVE-2022-28865,,"An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used.",Nokia,Netact,5.4,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2023-07-24T00:00:00.000Z,0
CVE-2022-30280,https://securityvulnerability.io/vulnerability/CVE-2022-30280,Cross-Site Request Forgery in Nokia NetAct by Nokia,"The CSRF vulnerability in Nokia NetAct 22 enables remote attackers to exploit user sessions and create new accounts with arbitrary privileges, including administrative rights. This security flaw arises due to the application's failure to verify CSRF tokens, even when it incorporates them in some requests. Attackers can leverage social engineering tactics to execute unauthorized actions, potentially compromising the integrity of the web application and affecting both regular and administrative users.",Nokia,Netact,8.8,HIGH,0.002050000010058284,false,false,false,false,,false,false,2023-07-24T00:00:00.000Z,0
CVE-2022-28863,https://securityvulnerability.io/vulnerability/CVE-2022-28863,Remote File Upload Vulnerability in Nokia NetAct,"A remote file upload vulnerability exists in Nokia NetAct 22 that allows authenticated users to upload potentially harmful files through the Site Configuration Tool. By exploiting the /netact/sct directory parameter along with the operation=upload value, unauthorized access to sensitive system areas could be achieved, posing significant security threats to the integrity of the affected systems.",Nokia,Netact,8.8,HIGH,0.0021200000774115324,false,false,false,false,,false,false,2023-07-24T00:00:00.000Z,0
CVE-2022-28864,https://securityvulnerability.io/vulnerability/CVE-2022-28864,Code Injection Vulnerability in Nokia NetAct Administration of Measurements,"A code injection vulnerability exists in the administration section of Nokia NetAct 22, specifically within the Administration of Measurements feature. A malicious actor can manipulate the templateName parameter to insert harmful code. This malicious payload can then be downloaded as a .csv or .xlsx file, which, when executed on an unsuspecting user's machine, can lead to unauthorized actions. This vulnerability underscores the importance of securing input fields against manipulation to prevent such exploits.",Nokia,Netact,8.8,HIGH,0.0010499999625608325,false,false,false,false,,false,false,2023-07-24T00:00:00.000Z,0
CVE-2022-28867,https://securityvulnerability.io/vulnerability/CVE-2022-28867,,"An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used.",Nokia,Netact,5.4,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2023-07-24T00:00:00.000Z,0
CVE-2023-26057,https://securityvulnerability.io/vulnerability/CVE-2023-26057,,"An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.",Nokia,Netact,6.5,MEDIUM,0.0008099999977275729,false,false,false,false,,false,false,2023-04-25T00:00:00.000Z,0
CVE-2023-26058,https://securityvulnerability.io/vulnerability/CVE-2023-26058,,"An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.",Nokia,Netact,6.5,MEDIUM,0.0008099999977275729,false,false,false,false,,false,false,2023-04-25T00:00:00.000Z,0
CVE-2023-26059,https://securityvulnerability.io/vulnerability/CVE-2023-26059,,"An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user.",Nokia,Netact,5.4,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2023-04-24T00:00:00.000Z,0
CVE-2023-26061,https://securityvulnerability.io/vulnerability/CVE-2023-26061,,"An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.",Nokia,Netact,5.4,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2023-04-24T00:00:00.000Z,0
CVE-2023-26060,https://securityvulnerability.io/vulnerability/CVE-2023-26060,,"An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.",Nokia,Netact,8.8,HIGH,0.0010499999625608325,false,false,false,false,,false,false,2023-04-24T00:00:00.000Z,0
CVE-2021-26596,https://securityvulnerability.io/vulnerability/CVE-2021-26596,,"An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used.",Nokia,Netact,5.4,MEDIUM,0.0007399999885819852,false,false,false,false,,false,false,2021-03-25T18:56:51.000Z,0
CVE-2021-26597,https://securityvulnerability.io/vulnerability/CVE-2021-26597,,"An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value.",Nokia,Netact,6.5,MEDIUM,0.0010999999940395355,false,false,false,false,,false,false,2021-03-25T18:56:45.000Z,0