Unrated severityNVD Advisory· Published Mar 25, 2021· Updated Aug 3, 2024
CVE-2021-26596
CVE-2021-26596
Description
An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used.
Affected products
2- Nokia/NetActdescription
Patches
Vulnerability mechanics
References
2- www.gruppotim.it/redteammitrex_refsource_MISC
- www.trusted-introducer.org/directory/teams/nokia-psirt.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.