N/A

An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

N/A

Nokia NetAct 跨站脚本漏洞

Nokia NetAct是芬兰诺基亚（Nokia）公司的一个网络管理系统。 Nokia NetAct 22 SP1037之前版本存在安全漏洞，该漏洞源于配置工具的上传选项不验证文件内容。攻击者利用该漏洞执行跨站脚本攻击。

N/A

N/A