PT-2022-03: Stored Cross-Site Scripting (XSS)

Nokia

Vulnerable software

NetAct v 20.1

Severity level

Severity level: Medium
Impact: Stored Cross-Site Scripting (XSS)
Access Vector: Remote

CVSS v3.1
Base Score: 5,0
Vector: (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/MAV:L/MAC:H/MPR:L/MUI:R/MS:C/MC:L/MI:L/MA:L)

CVE-2023-26059

Vulnerability description:

Since the Site Configuration tool has an upload option, it doesn’t validate the file contents. An attacker can upload a Zip file which, when processed, exploits Stored XSS. The attack can only be performed by an internal user. NetAct 22 SP1037 is already delivered on top of NetAct 22 FP2208, SP package would be delivered on request for other releases.

Advisory status

10.10.2022 - Vendor gets vulnerability details

Credits

The vulnerability was detected by Vladimir Razov and Aleksandr Ustinov (Positive Technologies)

Threatscape