CVE-2020-13480: Verint Workforce Optimization: HTML Injection

Vulnerable Software: Verint Workforce Optimization (WFO)

Affected Version: 15.2

Vendor Homepage: https://www.verint.com

CVE: CVE-2020-13480

CVE Author: Tejas Nitin Pingulkar

Exploit Available: POC Available

About Affected Software


Verint Workforce Optimization is a suite of unified software and services for capturing interactions and managing the performance of employees across the enterprise or in targeted areas of your business, including:
  • Back-office operations
  • Branch operations
  • Contact centers
  • Financial trading rooms

 

Additional Information

The Verint WFO application provides functionality to send and receive emails within the application. However, the application fails to sanitize user input.
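For defenders, the missing control looks like the following added example, which is not Verint code or part of the original advisory. It contrasts rendering a stored message body as-is with two fixes: full output encoding, and an allowlist sanitizer for cases where basic formatting must survive. The function names, the tag allowlist and the sample body are all assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Hypothetical allowlist: basic formatting only; not taken from Verint WFO.
ALLOWED_TAGS = {"b", "i", "u", "p", "br", "ul", "ol", "li"}
VOID_TAGS = {"br"}

def render_unsafe(body: str) -> str:
    """The flawed pattern: the stored body is placed into the page as-is."""
    return f'<div class="mail-body">{body}</div>'

def render_as_text(body: str) -> str:
    """Output-encode everything; the body can only ever display as text."""
    return html.escape(body, quote=True).replace("\n", "<br>\n")

class _AllowlistSanitizer(HTMLParser):
    """Rebuilds the body from parser events, keeping only allowlisted tags."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        # Attributes are always dropped, so href, src, style and event
        # handlers never reach the reader's browser.
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text (including decoded entities) is re-encoded on the way out.
        self.out.append(html.escape(data, quote=True))

def sanitize_html(body: str) -> str:
    """For limited rich text; comments and unknown tags are dropped."""
    parser = _AllowlistSanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)

# Constructed sample message body (not from the advisory).
SAMPLE = '<p>Hi <b>team</b></p><h1>Notice</h1><a href="https://example.invalid/">click</a><br/>'

if __name__ == "__main__":
    print(render_unsafe(SAMPLE))
    print(render_as_text(SAMPLE))
    print(sanitize_html(SAMPLE))
```

Apply the encoding or sanitizing step at render time on the server, so that bodies already stored before the fix are covered as well.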

Exploit

1. Open the send email function

2. Write your payload inside the body

POC

