Vulnerability Details CVE-2021-35483
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. If an authenticated user visits the web page where the file is published, the JavaScript code is executed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.6%
CVSS Severity
CVSS v3 Score 4.1
References