Nokia IMPACT Applications Component Arbitrary JavaScript File Upload Vulnerability

Vulnerability

A vulnerability in the Applications component of Nokia IMPACT, affecting versions through 19.11.2.10-20210118042150283, allows authenticated users to upload JavaScript files arbitrarily. This issue arises via the fileupload parameter in the /ui/rest-proxy/application endpoint, during the process of adding or editing applications. If an authenticated user accesses the web page where the uploaded file is published, the JavaScript code is executed.

Impact

Exploitation of this vulnerability allows for arbitrary JavaScript execution on the client side, potentially leading to cross-site scripting or other client-side attacks.

Added: Mar 3, 2026, 6:28 PM

Updated: Mar 3, 2026, 10:34 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

3.0

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

3.0

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Nokia IMPACT Applications Component Arbitrary JavaScript File Upload Vulnerability

Vulnerability

Impact

Affected Products

Nokia IMPACT

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating