CVE-2021-35483Cross-site Scripting in Impact

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.1MEDIUMNVD
EPSS
0.0%
top 91.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nokia Impact
Timeline
PublishedMar 3

Description

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. If an authenticated user visits the web page where the file is published, the JavaScript code is executed.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:NExploitability: 1.5 | Impact: 2.5

Affected Packages1 packages

NVDnokia/impact19.11.2.10-20210118042150283

🔴Vulnerability Details

2
GHSA
GHSA-9cmh-p698-cgr6: The Applications component of Nokia IMPACT version through 192026-03-03
CVEList
CVE-2021-35483: The Applications component of Nokia IMPACT version through 192026-03-03
CVE-2021-35483 — Cross-site Scripting in Nokia Impact | cvebase