CVE-2023-26059 Information

Description

An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab attackers can upload a ZIP file which when processed exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user.

Reference

https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2022-03/ https://nokia.com