CVE-2021-35483

Medium CVSS: 4.1

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. If an authenticated user visits the web page where the file is published, the JavaScript code is executed.

Vendor

Nokia

Product

Impact

CWE

CWE-79

Yayın Tarihi

2026-03-03 18:16:20

Güncelleme

2026-03-05 21:50:19

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Impact MEDIUM Nokia 2026

Referanslar

https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35483.html https://www.nokia.com/networks/solutions/impact-iot-platform/ https://www.nokia.com/notices/responsible-disclosure/

Benzer Kayıtlar

High

CVE-2021-35486

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote a…

Low

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, u…

High

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL…

High

CVE-2021-35485

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to…

Medium

CVE-2025-10258

Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may r…

Critical

CVE-2025-27019

Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user acco…