Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities by verint
CVE-2026-21730 (GCVE-0-2026-21730)
Vulnerability from cvelistv5 – Published: 2026-05-14 13:52 – Updated: 2026-05-14 15:29
VLAI
Title
Stored XSS in Verba
Summary
Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of input sanitization, an attacker can inject a malicious XSS payload into the username field.
This payload will be executed in the context of the administrator’s browser when the admin accesses the web application's log viewer.
The vendor was notified early about this vulnerability, but didn't respond to our messages. This issue was fixed in version 10.0.6
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
1 reference
Date Public
2026-05-14 15:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T15:28:56.802133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T15:29:06.053Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Verba",
"vendor": "Verint",
"versions": [
{
"lessThan": "10.0.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jan Czerlunczakiewicz (STM Cyber)"
}
],
"datePublic": "2026-05-14T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of input sanitization, an attacker can inject a malicious XSS payload into the username field.\u003cbr\u003eThis payload will be executed in the context of the administrator\u2019s browser when the admin accesses the web application\u0027s log viewer.\u003cbr\u003e\u003cbr\u003eThe vendor was notified early about this vulnerability, but didn\u0027t respond to our messages. This issue was fixed in version 10.0.6"
}
],
"value": "Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of input sanitization, an attacker can inject a malicious XSS payload into the username field.\nThis payload will be executed in the context of the administrator\u2019s browser when the admin accesses the web application\u0027s log viewer.\n\nThe vendor was notified early about this vulnerability, but didn\u0027t respond to our messages. This issue was fixed in version 10.0.6"
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T13:52:10.543Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"url": "https://cert.pl/en/posts/2026/05/CVE-2026-21730"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored XSS in Verba",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2026-21730",
"datePublished": "2026-05-14T13:52:10.543Z",
"dateReserved": "2026-01-05T11:45:11.492Z",
"dateUpdated": "2026-05-14T15:29:06.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36396 (GCVE-0-2024-36396)
Vulnerability from cvelistv5 – Published: 2024-06-13 12:33 – Updated: 2024-08-02 03:37
VLAI
Title
Verint - CWE-434: Unrestricted Upload of File with Dangerous Type
Summary
Verint - CWE-434: Unrestricted Upload of File with Dangerous Type
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Verint | WFO |
Affected:
All versions , < Upgrade to version 15.2.1030 or greater.
(custom)
|
|
| verint | workforce_optimization |
Affected:
15.2.918.262 , < 15.2.1030
(custom)
cpe:2.3:a:verint:workforce_optimization:*:*:*:*:*:*:*:* |
Date Public
2024-06-13 12:29
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:verint:workforce_optimization:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "workforce_optimization",
"vendor": "verint",
"versions": [
{
"lessThan": "15.2.1030",
"status": "affected",
"version": "15.2.918.262",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36396",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T20:47:41.828984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T15:49:44.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WFO",
"vendor": "Verint",
"versions": [
{
"lessThan": "Upgrade to version 15.2.1030 or greater.",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Osher Assor"
}
],
"datePublic": "2024-06-13T12:29:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVerint - CWE-434: Unrestricted Upload of File with Dangerous Type\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "Verint - CWE-434: Unrestricted Upload of File with Dangerous Type"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T12:33:41.805Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to version 15.2.1030 or greater.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Upgrade to version 15.2.1030 or greater."
}
],
"source": {
"advisory": "ILVN-2024-0165",
"discovery": "UNKNOWN"
},
"title": "Verint - CWE-434: Unrestricted Upload of File with Dangerous Type",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2024-36396",
"datePublished": "2024-06-13T12:33:41.805Z",
"dateReserved": "2024-05-27T13:04:44.111Z",
"dateUpdated": "2024-08-02T03:37:05.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36395 (GCVE-0-2024-36395)
Vulnerability from cvelistv5 – Published: 2024-06-13 12:32 – Updated: 2024-08-02 03:37
VLAI
Title
Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
1 reference
Impacted products
Date Public
2024-06-13 12:29
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T19:21:13.023049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T19:21:21.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WFO",
"vendor": "Verint",
"versions": [
{
"lessThan": "Upgrade to version 15.2.1030 or greater.",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Osher Assor"
}
],
"datePublic": "2024-06-13T12:29:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVerint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)\u003c/span\u003e\n\n"
}
],
"value": "Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T12:32:22.905Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to version 15.2.1030 or greater.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Upgrade to version 15.2.1030 or greater."
}
],
"source": {
"advisory": "ILVN-2024-0164",
"discovery": "UNKNOWN"
},
"title": "Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2024-36395",
"datePublished": "2024-06-13T12:32:22.905Z",
"dateReserved": "2024-05-27T13:04:44.111Z",
"dateUpdated": "2024-08-02T03:37:05.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33257 (GCVE-0-2023-33257)
Vulnerability from cvelistv5 – Published: 2023-08-02 00:00 – Updated: 2024-10-17 18:25
VLAI
Summary
Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://writeup.recoil.nl/verint/ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:36.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://writeup.recoil.nl/verint/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33257",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T18:25:39.938601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T18:25:50.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://writeup.recoil.nl/verint/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33257",
"datePublished": "2023-08-02T00:00:00.000Z",
"dateReserved": "2023-05-21T00:00:00.000Z",
"dateUpdated": "2024-10-17T18:25:50.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12744 (GCVE-0-2020-12744)
Vulnerability from cvelistv5 – Published: 2022-10-20 00:00 – Updated: 2025-05-08 18:07
VLAI
Summary
The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-281 - Improper Preservation of Permissions
Assigner
References
2 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bwiltse/verint"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bwiltse/cve/blob/master/Verint/Verint-CVE-2020-12744.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-12744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:07:01.128359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281 Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:07:40.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-20T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/bwiltse/verint"
},
{
"url": "https://github.com/bwiltse/cve/blob/master/Verint/Verint-CVE-2020-12744.txt"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12744",
"datePublished": "2022-10-20T00:00:00.000Z",
"dateReserved": "2020-05-08T00:00:00.000Z",
"dateUpdated": "2025-05-08T18:07:40.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36450 (GCVE-0-2021-36450)
Vulnerability from cvelistv5 – Published: 2021-12-15 06:55 – Updated: 2024-08-04 00:54
VLAI
Summary
Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://verint.com | x_refsource_MISC |
| https://sushantvkamble.blogspot.com/2021/11/cross… | x_refsource_MISC |
| https://medium.com/%401nf0sk/cve-2021-36450-cross… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://verint.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sushantvkamble.blogspot.com/2021/11/cross-site-scripting-xss.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%401nf0sk/cve-2021-36450-cross-site-scripting-xss-6f5d8d7db740"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-15T06:55:56.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://verint.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sushantvkamble.blogspot.com/2021/11/cross-site-scripting-xss.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%401nf0sk/cve-2021-36450-cross-site-scripting-xss-6f5d8d7db740"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://verint.com",
"refsource": "MISC",
"url": "http://verint.com"
},
{
"name": "https://sushantvkamble.blogspot.com/2021/11/cross-site-scripting-xss.html",
"refsource": "MISC",
"url": "https://sushantvkamble.blogspot.com/2021/11/cross-site-scripting-xss.html"
},
{
"name": "https://medium.com/@1nf0sk/cve-2021-36450-cross-site-scripting-xss-6f5d8d7db740",
"refsource": "MISC",
"url": "https://medium.com/@1nf0sk/cve-2021-36450-cross-site-scripting-xss-6f5d8d7db740"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36450",
"datePublished": "2021-12-15T06:55:56.000Z",
"dateReserved": "2021-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:54:51.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41825 (GCVE-0-2021-41825)
Vulnerability from cvelistv5 – Published: 2021-10-08 15:07 – Updated: 2024-08-04 03:22
VLAI
Summary
Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.verint.com/engagement/our-offerings/s… | x_refsource_MISC |
| https://0xy37.medium.com/my-first-cve-cve-2021-41… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:24.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.verint.com/engagement/our-offerings/solutions/workforce-optimization/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0xy37.medium.com/my-first-cve-cve-2021-41825-verint-workforce-optimization-html-injection-6dd450e7f2af"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-08T15:07:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.verint.com/engagement/our-offerings/solutions/workforce-optimization/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0xy37.medium.com/my-first-cve-cve-2021-41825-verint-workforce-optimization-html-injection-6dd450e7f2af"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.verint.com/engagement/our-offerings/solutions/workforce-optimization/",
"refsource": "MISC",
"url": "https://www.verint.com/engagement/our-offerings/solutions/workforce-optimization/"
},
{
"name": "https://0xy37.medium.com/my-first-cve-cve-2021-41825-verint-workforce-optimization-html-injection-6dd450e7f2af",
"refsource": "MISC",
"url": "https://0xy37.medium.com/my-first-cve-cve-2021-41825-verint-workforce-optimization-html-injection-6dd450e7f2af"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41825",
"datePublished": "2021-10-08T15:07:00.000Z",
"dateReserved": "2021-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:22:24.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-23446 (GCVE-0-2020-23446)
Vulnerability from cvelistv5 – Published: 2020-09-22 13:24 – Updated: 2024-08-04 14:58
VLAI
Summary
Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://verint.com | x_refsource_MISC |
| http://cvewalkthrough.com/variant-unauthenticated… | x_refsource_MISC |
| https://tejaspingulkar.blogspot.com/2020/09/cve-2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:58:15.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://verint.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cvewalkthrough.com/variant-unauthenticated-information-disclosure-via-api/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tejaspingulkar.blogspot.com/2020/09/cve-2020-23446-verint-workforce.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-22T13:24:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://verint.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cvewalkthrough.com/variant-unauthenticated-information-disclosure-via-api/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tejaspingulkar.blogspot.com/2020/09/cve-2020-23446-verint-workforce.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-23446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://verint.com",
"refsource": "MISC",
"url": "http://verint.com"
},
{
"name": "http://cvewalkthrough.com/variant-unauthenticated-information-disclosure-via-api/",
"refsource": "MISC",
"url": "http://cvewalkthrough.com/variant-unauthenticated-information-disclosure-via-api/"
},
{
"name": "https://tejaspingulkar.blogspot.com/2020/09/cve-2020-23446-verint-workforce.html",
"refsource": "MISC",
"url": "https://tejaspingulkar.blogspot.com/2020/09/cve-2020-23446-verint-workforce.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-23446",
"datePublished": "2020-09-22T13:24:03.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:58:15.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12773 (GCVE-0-2019-12773)
Vulnerability from cvelistv5 – Published: 2020-07-14 19:27 – Updated: 2024-08-04 23:32
VLAI
Summary
An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product is installed, given the attacker can convince a victim to visit a crafted link.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://seclists.org/fulldisclosure/2020/Jul/15 | x_refsource_MISC |
| http://packetstormsecurity.com/files/158411/Verin… | x_refsource_MISC |
Date Public
2020-07-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2020/Jul/15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158411/Verint-Impact-360-15.1-Script-Insertion-HTML-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product is installed, given the attacker can convince a victim to visit a crafted link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T21:06:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2020/Jul/15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158411/Verint-Impact-360-15.1-Script-Insertion-HTML-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product is installed, given the attacker can convince a victim to visit a crafted link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2020/Jul/15",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2020/Jul/15"
},
{
"name": "http://packetstormsecurity.com/files/158411/Verint-Impact-360-15.1-Script-Insertion-HTML-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158411/Verint-Impact-360-15.1-Script-Insertion-HTML-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12773",
"datePublished": "2020-07-14T19:27:54.000Z",
"dateReserved": "2019-06-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:32:55.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12784 (GCVE-0-2019-12784)
Vulnerability from cvelistv5 – Published: 2020-07-14 19:25 – Updated: 2024-08-04 23:32
VLAI
Summary
An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://seclists.org/fulldisclosure/2020/Jul/17 | x_refsource_MISC |
| http://packetstormsecurity.com/files/158413/Verin… | x_refsource_MISC |
Date Public
2020-07-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:54.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2020/Jul/17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158413/Verint-Impact-360-15.1-Cross-Site-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to \"crowdsource\" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T21:06:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2020/Jul/17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158413/Verint-Impact-360-15.1-Cross-Site-Request-Forgery.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to \"crowdsource\" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2020/Jul/17",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2020/Jul/17"
},
{
"name": "http://packetstormsecurity.com/files/158413/Verint-Impact-360-15.1-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158413/Verint-Impact-360-15.1-Cross-Site-Request-Forgery.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12784",
"datePublished": "2020-07-14T19:25:24.000Z",
"dateReserved": "2019-06-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:32:54.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12783 (GCVE-0-2019-12783)
Vulnerability from cvelistv5 – Published: 2020-07-14 19:22 – Updated: 2024-08-04 23:32
VLAI
Summary
An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://seclists.org/fulldisclosure/2020/Jul/16 | x_refsource_MISC |
| http://packetstormsecurity.com/files/158412/Verin… | x_refsource_MISC |
Date Public
2020-07-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:54.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2020/Jul/16"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158412/Verint-Impact-360-15.1-Open-Redirect.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to \"crowdsource\" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T21:06:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2020/Jul/16"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158412/Verint-Impact-360-15.1-Open-Redirect.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to \"crowdsource\" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2020/Jul/16",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2020/Jul/16"
},
{
"name": "http://packetstormsecurity.com/files/158412/Verint-Impact-360-15.1-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158412/Verint-Impact-360-15.1-Open-Redirect.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12783",
"datePublished": "2020-07-14T19:22:12.000Z",
"dateReserved": "2019-06-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:32:54.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13480 (GCVE-0-2020-13480)
Vulnerability from cvelistv5 – Published: 2020-06-22 17:31 – Updated: 2024-08-04 12:18
VLAI
Summary
Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://cvewalkthrough.com/cve-2020-13480html-injection | x_refsource_MISC |
| https://tejaspingulkar.blogspot.com/2020/06/cve-2… | x_refsource_MISC |
| https://www.youtube.com/watch?v=11ghigOu-K0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:18.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cvewalkthrough.com/cve-2020-13480html-injection"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tejaspingulkar.blogspot.com/2020/06/cve-2020-13480-verint-html-injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=11ghigOu-K0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the \"send email\" feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-22T17:31:17.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cvewalkthrough.com/cve-2020-13480html-injection"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tejaspingulkar.blogspot.com/2020/06/cve-2020-13480-verint-html-injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=11ghigOu-K0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the \"send email\" feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvewalkthrough.com/cve-2020-13480html-injection",
"refsource": "MISC",
"url": "http://cvewalkthrough.com/cve-2020-13480html-injection"
},
{
"name": "https://tejaspingulkar.blogspot.com/2020/06/cve-2020-13480-verint-html-injection.html",
"refsource": "MISC",
"url": "https://tejaspingulkar.blogspot.com/2020/06/cve-2020-13480-verint-html-injection.html"
},
{
"name": "https://www.youtube.com/watch?v=11ghigOu-K0",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=11ghigOu-K0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13480",
"datePublished": "2020-06-22T17:31:17.000Z",
"dateReserved": "2020-05-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:18:18.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17871 (GCVE-0-2018-17871)
Vulnerability from cvelistv5 – Published: 2018-10-04 19:00 – Updated: 2024-08-05 11:01
VLAI
Summary
Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/149651/Colla… | x_refsource_MISC |
| https://seclists.org/bugtraq/2018/Oct/12 | mailing-listx_refsource_BUGTRAQ |
| https://www.syss.de/fileadmin/dokumente/Publikati… | x_refsource_MISC |
| https://releases.verba.com/?v=9.2 | x_refsource_CONFIRM |
Date Public
2018-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:13.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/149651/Collaboration-Compliance-And-Quality-Management-Platform-9.1.1.5482-Disclosure.html"
},
{
"name": "20181002 [SYSS-2018-023] Password leakage in Verint Verba Collaboration Compliance and Quality Management Platform (CVE-2018-17871)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2018/Oct/12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-023.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://releases.verba.com/?v=9.2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-04T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/149651/Collaboration-Compliance-And-Quality-Management-Platform-9.1.1.5482-Disclosure.html"
},
{
"name": "20181002 [SYSS-2018-023] Password leakage in Verint Verba Collaboration Compliance and Quality Management Platform (CVE-2018-17871)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2018/Oct/12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-023.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://releases.verba.com/?v=9.2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/149651/Collaboration-Compliance-And-Quality-Management-Platform-9.1.1.5482-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149651/Collaboration-Compliance-And-Quality-Management-Platform-9.1.1.5482-Disclosure.html"
},
{
"name": "20181002 [SYSS-2018-023] Password leakage in Verint Verba Collaboration Compliance and Quality Management Platform (CVE-2018-17871)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2018/Oct/12"
},
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-023.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-023.txt"
},
{
"name": "https://releases.verba.com/?v=9.2",
"refsource": "CONFIRM",
"url": "https://releases.verba.com/?v=9.2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17871",
"datePublished": "2018-10-04T19:00:00.000Z",
"dateReserved": "2018-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:13.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17872 (GCVE-0-2018-17872)
Vulnerability from cvelistv5 – Published: 2018-10-04 19:00 – Updated: 2024-08-05 11:01
VLAI
Summary
Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.syss.de/fileadmin/dokumente/Publikati… | x_refsource_MISC |
| https://seclists.org/bugtraq/2018/Oct/13 | mailing-listx_refsource_BUGTRAQ |
| https://releases.verba.com/?v=9.2 | x_refsource_CONFIRM |
| http://packetstormsecurity.com/files/149652/Colla… | x_refsource_MISC |
Date Public
2018-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-024.txt"
},
{
"name": "20181002 [SYSS-2018-024] Privilege Escalation in Verint Verba Collaboration Compliance and Quality Management Platform (CVE-2018-17872)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2018/Oct/13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://releases.verba.com/?v=9.2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/149652/Collaboration-Compliance-And-Quality-Management-Platform-9.1.1.5482-Improper-Access-Control.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-04T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-024.txt"
},
{
"name": "20181002 [SYSS-2018-024] Privilege Escalation in Verint Verba Collaboration Compliance and Quality Management Platform (CVE-2018-17872)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2018/Oct/13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://releases.verba.com/?v=9.2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/149652/Collaboration-Compliance-And-Quality-Management-Platform-9.1.1.5482-Improper-Access-Control.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-024.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-024.txt"
},
{
"name": "20181002 [SYSS-2018-024] Privilege Escalation in Verint Verba Collaboration Compliance and Quality Management Platform (CVE-2018-17872)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2018/Oct/13"
},
{
"name": "https://releases.verba.com/?v=9.2",
"refsource": "CONFIRM",
"url": "https://releases.verba.com/?v=9.2"
},
{
"name": "http://packetstormsecurity.com/files/149652/Collaboration-Compliance-And-Quality-Management-Platform-9.1.1.5482-Improper-Access-Control.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149652/Collaboration-Compliance-And-Quality-Management-Platform-9.1.1.5482-Improper-Access-Control.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17872",
"datePublished": "2018-10-04T19:00:00.000Z",
"dateReserved": "2018-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:14.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}