First published: Mon Apr 24 2023
An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nokia NetAct | <=20.1 | |
CVE-2023-26061 is a vulnerability found in Nokia NetAct before version 22 FP2211 that allows an attacker to inject XSS through a script created on the Scheduled Search tab of the Alarm Reports Dashboard page.
CVE-2023-26061 impacts Nokia NetAct by allowing users to create a script that injects XSS, leading to potential security breaches and unauthorized access.
The severity of CVE-2023-26061 is medium, with a CVSS score of 5.4.
It is very difficult for an external attacker to exploit CVE-2023-26061, as it requires knowledge of the vulnerability and access to the Scheduled Search tab of the Alarm Reports Dashboard page.
Yes, a fix for CVE-2023-26061 is available in Nokia NetAct version 22 FP2211 or later.