CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-28865

An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 22.6%

CVSS Severity

CVSS v3 Score 5.4

References

https://www.gruppotim.it/it/footer/red-team.html
https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html
https://www.gruppotim.it/it/footer/red-team.html
https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html

Products affected by CVE-2022-28865

Nokia » Netact » Version: 22.0.0.62

cpe:2.3:a:nokia:netact:22.0.0.62

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-28865

Products

Pricing

Contact Us