Cross-Site Scripting in Nokia NetAct Administration of Measurements
CVE-2022-28867
5.4 MEDIUM
Summary
A vulnerability in Nokia NetAct 22 allows a malicious user to modify the templateName parameter on the Administration of Measurements web interface. This weakness can lead to the injection of malicious JavaScript code, which is then executed in the web browser of an unsuspecting victim. Attackers commonly exploit this vulnerability by including the harmful script in URLs that may be shared publicly or sent directly via email. Affected endpoints include /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf, so users who interact with these pages are the ones at risk.
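The following detection check is an added example, not code from Nokia or from this advisory: it scans web access logs for requests to the two endpoints above whose templateName value, after percent-decoding, falls outside an allowlist. The combined log format and the set of characters allowed in a legitimate template name are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoints and parameter named in the advisory.
AOM_PATHS = {"/aom/html/EditTemplate.jsf", "/aom/html/ViewAllTemplatesPage.jsf"}
PARAM = "templateName"
# Assumption: legitimate template names use only these characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9 _.\-]{1,128}")
# Assumption: combined-format access log; captures client, request target, status.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so double-encoded markup is not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_template_requests(log_lines):
    """Return (client, path, decoded_value) for templateName values outside the allowlist."""
    findings = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, _status = m.groups()
        url = urlsplit(target)
        path = url.path.split(";", 1)[0]  # drop ;jsessionid=... path parameters
        if path not in AOM_PATHS:
            continue
        for raw in parse_qs(url.query).get(PARAM, []):
            value = fully_decode(raw)
            if not SAFE_NAME.fullmatch(value):
                findings.append((client, path, value))
    return findings

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '10.0.0.5 - alice [01/Jan/2023:10:00:00 +0000] "GET /aom/html/EditTemplate.jsf?templateName=Daily_KPI HTTP/1.1" 200 512',
    '10.0.0.9 - bob [01/Jan/2023:10:01:00 +0000] "GET /aom/html/ViewAllTemplatesPage.jsf?templateName=%253Cscript%253Ex%253C%252Fscript%253E HTTP/1.1" 200 734',
    '10.0.0.7 - carol [01/Jan/2023:10:02:00 +0000] "GET /other/page.jsf?templateName=%3Cb%3E HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for finding in suspicious_template_requests(SAMPLE_LOG):
        print(finding)
```

Values submitted in a POST body do not appear in access logs, so this check only covers the URL-borne delivery the summary describes.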
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved