Vulnerable Software: Verint Workforce Optimization (WFO)
Affected Version: 15.2
Vendor Homepage: https://www.verint.com
CVE: CVE-2020-13480
CVE Author: Tejas Nitin Pingulkar
Exploit Available: POC Available
About Affected Software
Verint Workforce Optimization is a suite of unified software and services for capturing interactions and managing the performance of employees across the enterprise or in targeted areas of your business, including:
- Back-office operations
- Branch operations
- Contact centers
- Financial trading rooms
Additional Information
The Verint WFO application provides functionality to send and receive emails within the application. However, the application fails to sanitize user input.
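The missing output encoding described above, as an added example (not Verint's code and not part of the original advisory): a message view that inserts the body as-is, beside one that HTML-encodes it, plus an audit helper for stored message bodies. The template, function names and sample body are constructed assumptions.

```python
import html
import re

# Constructed sample body: benign markup standing in for user-supplied HTML.
SAMPLE_BODY = 'Shift swap request\n<h1>Notice</h1><a href="https://example.invalid/">link</a>'

# Hypothetical template for the message view (assumption, not the product's markup).
TEMPLATE = '<div class="msg-body">{body}</div>'


def render_body_unsafe(body):
    """Weak form: user input is placed into the page unchanged."""
    return TEMPLATE.format(body=body)


def render_body_safe(body):
    """Hardened form: encode for the HTML context, then restore line breaks."""
    encoded = html.escape(body, quote=True)  # & < > " ' become entities
    return TEMPLATE.format(body=encoded.replace("\n", "<br>"))


# Matches an opening or closing tag such as <a ...>, </h1> or <img/>.
TAG_RE = re.compile(r"</?[A-Za-z][^<>]*>")


def find_markup(body):
    """Audit helper: list tag-like sequences found in a stored message body."""
    return TAG_RE.findall(body)


if __name__ == "__main__":
    print(render_body_unsafe(SAMPLE_BODY))  # markup reaches the recipient's browser
    print(render_body_safe(SAMPLE_BODY))    # markup is displayed as text
    print(find_markup(SAMPLE_BODY))         # tags an audit of stored mail would flag
```

Encoding at render time protects every view of the message; the audit helper only identifies bodies that were stored before the fix.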
Exploit
1. Open the send email function
2. Write your payload inside the body
POC
CVE-2020-13480: Verint Workforce Optimization: HTML Injection