Cross-Site Scripting Vulnerability in Verint Workforce Optimization
CVE-2021-36450

6.1MEDIUM

Key Information:

Vendor

Verint

Status
Workforce Optimization
Vendor
CVE Published:
15 December 2021

What is CVE-2021-36450?

Verint Workforce Optimization version 15.2.8.10048 is susceptible to a Cross-Site Scripting (XSS) attack through the manipulation of the control/my_notifications NEWUINAV parameter. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized actions or data theft.

References

http://verint.com
x_refsource_MISC
https://sushantvkamble.blogspot.com/2021/11/cross-site-sc...
x_refsource_MISC
https://medium.com/%401nf0sk/cve-2021-36450-cross-site-sc...
x_refsource_MISC

EPSS Score

20% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.