We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-28865



Assignermitre
Reserved2022-04-08
Published2023-07-24
Updated2024-10-24

Description

An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used.

References

https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html

https://www.gruppotim.it/it/footer/red-team.html

cve.org CVE-2022-28865

nvd.nist.gov CVE-2022-28865

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.