Iframe Injection Vulnerability in Verint Impact 360 from Verint
CVE-2019-12773

6.1MEDIUM

Key Information:

Vendor: Verint
Status: Impact 360
Vendor: CVE Published:; 14 July 2020

What is CVE-2019-12773?

An iframe injection vulnerability exists in Verint Impact 360 15.1, specifically at the helpURL parameter in the help_popup.jsp endpoint. This vulnerability allows attackers to manipulate the parameter to embed arbitrary HTML content, which may result in the execution of malicious scripts or phishing attacks. By crafting deceptive links, an attacker can exploit this weakness in conjunction with social engineering tactics, potentially leading to unauthorized access or data theft on the platform where the product is installed.

References

https://seclists.org/fulldisclosure/2020/Jul/15

x_refsource_MISC

http://packetstormsecurity.com/files/158411/Verint-Impact...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 14, 2020
Vulnerability Reserved
Jun 7, 2019

CVE-2019-12773 Data

JSON