PT-2026-22758 · Nokia · Nokia Impact
Published
2026-03-03
·
Updated
2026-03-03
·
CVE-2021-35483
CVSS v3.1
4.1
Medium
| Vector | AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Nokia IMPACT versions through 19.11.2.10-20210118042150283
Description
The Applications component of Nokia IMPACT allows an authenticated user to upload JavaScript files without restriction via the
/ui/rest-proxy/application fileupload parameter. This can happen when adding a new application or editing an existing one. If an authenticated user accesses the web page where the file is published, the JavaScript code will be executed.Recommendations
Versions prior to 19.11.2.10-20210118042150283 should be updated.
Restrict file uploads to the
/ui/rest-proxy/application endpoint.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nokia Impact