Описание
An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used.
Ссылки
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
EPSS
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used.
EPSS
5.4 Medium
CVSS3
3.5 Low
CVSS2