3 results (0.011 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Nokia Electronics Documentation (NED) 5.0 permite a atacantes remotos ejecutar script web arbitrario y robar galletitas (cookies) mediante una URL al directorio docs/ que contenga el script. • https://www.exploit-db.com/exploits/23149 http://www.atstake.com/research/advisories/2003/a091503-1.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2

Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user. Nokia Electronics Documentation (NED) 5.0 permite a atacantes remotos usar NED como un proxy HTTP abierto mediante una URL en el parámetro de localización, al que NED accede y devuelve al usuario. • https://www.exploit-db.com/exploits/23148 http://www.atstake.com/research/advisories/2003/a091503-1.txt •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2

Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . (dot). Nokia Electronics Documentation (NED) 5.0 permite a atacantes remotos obtener un listado de directorio de la raíz del web de WebLogic, y la ruta física del servidor NED, mediante una acción "retrieve" (obtener) con un parámetro de localización de . (dot). • https://www.exploit-db.com/exploits/23147 http://www.atstake.com/research/advisories/2003/a091503-1.txt •