HTML Injection Vulnerability in Verint Engagement Management by Verint
CVE-2023-33257

5.4MEDIUM

Key Information:

Vendor: Verint
Status: Engagement Management
Vendor: CVE Published:; 2 August 2023

What is CVE-2023-33257?

The Verint Engagement Management 15.3 Update 2023R2 is susceptible to an HTML injection vulnerability through its user data form feature in the live chat function. This weakness can be exploited to inject malicious HTML code, potentially allowing an attacker to manipulate user data or hijack sessions. It is crucial for users of this software to implement necessary security measures to mitigate risks associated with this vulnerability.

References

https://writeup.recoil.nl/verint/

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 2, 2023
Vulnerability Reserved
May 21, 2023

CVE-2023-33257 Data

JSON