Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
2.0
Nokia Impact: Malicious Data Injection via Campaign Name
CVE-2023-31044
Summary
Nokia Impact users can inject malicious code into campaign names, which can be exported and potentially used for data theft or other malicious activities. This affects users with Impact DM 19.11 or later. To protect your data, ensure you only allow authorized users to access and export campaign data, and review your export settings carefully.
Original title
An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within th...
Original description
An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may attempt data exfiltration or other malicious activity when automatically executed by the spreadsheet software.
nvd CVSS3.1
2.0
Vulnerability type
CWE-94
Code Injection
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026