CVE-2022-28867 in NetAct
Summary
by MITRE • 07/24/2023
An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 05/22/2026
This vulnerability represents a critical cross-site scripting flaw in Nokia NetAct 22's Administration of Measurements web interface. The issue manifests through the templateName parameter in two key endpoints: /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf. The vulnerability stems from insufficient input validation and output encoding mechanisms within the web application's parameter handling, allowing attackers to inject malicious JavaScript code directly into the templateName field. This represents a classic CWE-79: Cross-Site Scripting vulnerability where user-supplied data is not properly sanitized before being rendered in web pages.
The exploitation mechanism leverages the standard delivery vector of malicious URLs containing crafted JavaScript payloads. When a victim accesses a specially crafted URL with the malicious templateName parameter, the injected code executes within the victim's browser context. This allows attackers to perform actions such as stealing session cookies, redirecting users to malicious sites, defacing web pages, or executing arbitrary commands on behalf of the victim. The vulnerability's impact is amplified by the fact that the affected endpoints are part of the administration interface, potentially providing attackers with elevated privileges or access to sensitive operational data.
The operational implications of this vulnerability are severe for organizations relying on Nokia NetAct 22 for network management and measurement operations. Attackers could compromise the integrity of measurement templates, potentially leading to false reporting or manipulation of critical network performance data. The vulnerability affects the web-based administration interface, making it accessible to attackers who can exploit it through standard web browser interactions without requiring special tools or direct system access. This makes the attack surface particularly broad and the exploitation relatively straightforward, as demonstrated by the use of URL-based delivery mechanisms that can be easily shared through email or public forums.
Organizations should implement immediate mitigations including input validation and output encoding for all user-supplied parameters, particularly those used in web interface elements. The solution involves sanitizing the templateName parameter to prevent JavaScript execution, implementing proper content security policies, and conducting thorough input validation at multiple layers of the application. Additionally, organizations should consider implementing web application firewalls to detect and block malicious payloads, while ensuring that all administrative interfaces are properly segmented and access-controlled. The vulnerability aligns with ATT&CK technique T1059.007 for JavaScript execution and T1566 for delivery through malicious links, making it a significant concern for organizations following cybersecurity frameworks that emphasize both prevention and detection capabilities.