Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nokia netact vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-30280
/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application (even if it implements a CSRF token for the random GET request) does not ever verify a CSRF...
Nokia Netact 22.0.0.62
8.8
CVSSv3
CVE-2022-28863
An issue exists in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value.
Nokia Netact 22.0.0.62
8.8
CVSSv3
CVE-2022-28864
An issue exists in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, ...
Nokia Netact 22.0.0.62
5.4
CVSSv3
CVE-2022-28865
An issue exists in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for deliverin...
Nokia Netact 22.0.0.62
5.4
CVSSv3
CVE-2022-28867
An issue exists in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechan...
Nokia Netact 22.0.0.62
6.5
CVSSv3
CVE-2023-26057
An XXE issue exists in Nokia NetAct prior to 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created pa...
Nokia Netact 20.1
6.5
CVSSv3
CVE-2023-26058
An XXE issue exists in Nokia NetAct prior to 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created paramete...
Nokia Netact 20.1
5.4
CVSSv3
CVE-2023-26059
An issue exists in Nokia NetAct prior to 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demili...
Nokia Netact 20.1
8.8
CVSSv3
CVE-2023-26060
An issue exists in Nokia NetAct prior to 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very ...
Nokia Netact
5.4
CVSSv3
CVE-2023-26061
An issue exists in Nokia NetAct prior to 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exp...
Nokia Netact
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »