An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used.
Metrics
Affected Vendors & Products
References
History
Thu, 24 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-07-24T00:00:00
Updated: 2024-10-24T15:02:43.087Z
Reserved: 2022-04-08T00:00:00
Link: CVE-2022-28865
Vulnrichment
Updated: 2024-08-03T06:03:53.146Z
NVD
Status : Modified
Published: 2023-07-24T14:15:10.157
Modified: 2024-11-21T06:58:05.453
Link: CVE-2022-28865
Redhat
No data.