CVE-2022-41762

Name of the Vulnerable Software and Affected Versions NOKIA NFM-T version R19.9

Description An issue was discovered in the Network Element Manager, where multiple Reflected XSS vulnerabilities exist. These vulnerabilities can be exploited via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl.

Recommendations For NOKIA NFM-T version R19.9, consider disabling access to the vulnerable scripts log.pl, top.pl, and easy1350.pl until a patch is available. Restrict input parameters bench, pid, and id in the respective scripts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.