Vulnerability Report

CVE-2021-35483

Title: Arbitrary JavaScript File Upload in Nokia IMPACT Applications Component

XSS

Proof Of Concept

No public PoC currently indexed for CVE-2021-35483.

CWE Category NVD-CWE-noinfo

Published Date Mar 03, 2026

Modified Date Mar 05, 2026

Exploit Status Not Found

Score 4.1 CVSS v

Exploit Probability (EPSS)

0.03%

Vulnerability Summary

CVE-2021-35483: The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. If an authenticated user visits the web page where the file is published, the JavaScript code is executed.

Impacted Vendors

nokia 1

sound4 1

Reference Links

https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35483.html https://www.nokia.com/networks/solutions/impact-iot-platform/ https://www.nokia.com/notices/responsible-disclosure/

CVSS v3.1

Source Entity 134c704f-9b21-4f2e-91b3-4a467353bcc0

Severity MEDIUM

4.1

Attack Vector

ADJACENT_NETWORK

Complexity

LOW

Privileges

N/A

Interaction

REQUIRED

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns