CVE-2022-28865: XSS
First published: Mon Jul 24 2023(Updated: )
An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nokia NetAct | =22.0.0.62 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2022-28865.
What is the severity rating of CVE-2022-28865?
The severity rating of CVE-2022-28865 is medium with a value of 5.4.
What is the affected software of CVE-2022-28865?
The affected software of CVE-2022-28865 is Nokia NetAct version 22.0.0.62.
What is the CWE category of CVE-2022-28865?
The CWE category of CVE-2022-28865 is CWE-79.
How can I fix CVE-2022-28865?
To fix CVE-2022-28865, it is recommended to apply the latest security patches provided by Nokia.
- collector/nvd-latest
- collector/nvd-index
- agent/author
- agent/references
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- vendor/nokia
- canonical/nokia netact
- version/nokia netact/22.0.0.62