CVE-2020-13480: Verint Workforce Optimization: HTML Injection

Vulnerable Software: Verint Workforce Optimization (WFO)

Affected Version: 15.2

Vendor Homepage: Link

CVE: CVE-2020-13480

CVE Author: Tejas Nitin Pingulkar

Exploit Available: POC Available

About Affected Software


Verint Workforce Optimization is a suite of unified software and services for capturing interactions and managing the performance of employees across the enterprise or in targeted areas of your business, including:
 
  • Back-office operations
  • Branch operations
  • Contact centers
  • Financial trading rooms

Additional Information

The Verint WFO application includes a built-in feature for sending and receiving emails. However, the application fails to properly sanitize user input in this feature, which leads to the HTML injection vulnerability tracked as CVE-2020-13480.
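
The missing output encoding described above, shown next to a hardened rendering, as an added example (not Verint's code and not part of the original advisory). The function names, the mail-body wrapper markup and the sample body are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample: an email body as a user might submit it (not from the advisory).
SAMPLE_BODY = 'Hello,<h1>Notice</h1><a href="https://example.invalid/">click</a>\nRegards'


def render_unsafe(body: str) -> str:
    """Vulnerable pattern: user text concatenated straight into the page."""
    return '<div class="mail-body">' + body + '</div>'


def render_safe(body: str) -> str:
    """Hardened pattern: encode on output so markup is displayed as text."""
    escaped = html.escape(body, quote=True)  # encodes & < > " '
    # Line breaks are added after escaping, so <br> is the only tag we emit.
    return '<div class="mail-body">' + escaped.replace("\n", "<br>") + '</div>'


class _TagCollector(HTMLParser):
    """Records the element names a parser finds in a rendered fragment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_startendtag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(fragment: str, template_tags=("div", "br")) -> list:
    """Return tags in the output that the template itself did not produce.

    Usable as a regression check: any non-empty result means user-supplied
    markup survived rendering.
    """
    parser = _TagCollector()
    parser.feed(fragment)
    parser.close()
    return [t for t in parser.tags if t not in template_tags]


if __name__ == "__main__":
    print("unsafe:", injected_tags(render_unsafe(SAMPLE_BODY)))
    print("safe:  ", injected_tags(render_safe(SAMPLE_BODY)))
```

The same `injected_tags` check can be run over stored message bodies to find content that already contains markup.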

Exploit

1. Open the send email function.

2. Inject a malicious payload inside the email body field.

POC

 
