Vulnerability Description: Cross-Site Scripting (Stored) - CWE-79
Software Version: NOKIA Imapct 19.11.2.10-20210118042150283
NIST: https://nvd.nist.gov/vuln/detail/CVE-2021-35483
CVSS:
Severity:
Credits: Francesco Giordano, Veno Eivazian, Massimiliano Brolli
The NOKIA IMPACT web interface doesn't check properly the parameters, sent in HTTP requests as input, before saving them in the server. In addition, the JavaScript malicious content is reflected back to the end user and executed by the web browser.