CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-26059

An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.4%

CVSS Severity

CVSS v3 Score 6.8

References

https://nokia.com
https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2022-03/
https://nokia.com
https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2022-03/

Products affected by CVE-2023-26059

Nokia » Netact » Version: 20.1

cpe:2.3:a:nokia:netact:20.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-26059

Products

Pricing

Contact Us