CVE-2020-13480: Verint Workforce Optimization: HTML Injection

Vulnerable Software: Verint Workforce Optimization (WFO)

Vulnerability: HTML Injection

Affected Version: 15.2

Vendor Homepage:

CVE: CVE-2020-13480

CVE Author: Tejas Nitin Pingulkar

Exploit Available: POC Available

About Affected Software

Verint Workforce Optimization is a suite of unified software and services for capturing interactions and managing the performance of employees across the enterprise or in targeted areas of your business, including:

  • Back-office operations
  • Branch operations
  • Contact centers
  • Financial trading rooms

Additional Information

The Verint WFO application provides functionality to send and receive emails within the application. However, the application fails to sanitize user input.


1. Open send email function 

2. Write your payload inside the body
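The missing control, as an added example that is not part of the original advisory or the vendor's code: the same message body rendered without and with output encoding, plus a check that flags stored bodies carrying markup. The message ids, sample bodies, function names and the `mail-body` class are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample bodies, as they might be stored by an in-application
# mail feature (hypothetical data, not the original PoC payload).
STORED_BODIES = {
    101: "Shift swap approved for Friday.",
    102: 'Report attached.<h1>Session expired</h1>'
         '<a href="https://example.invalid/login">Sign in again</a>',
    103: "Use a < b when comparing queue times.",
}


class _TagCollector(HTMLParser):
    """Records the element names a browser would parse out of a fragment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def live_tags(fragment):
    parser = _TagCollector()
    parser.feed(fragment)
    parser.close()
    return parser.tags


def render_vulnerable(body):
    # Body is interpolated as-is, so any markup in it becomes part of the page.
    return '<div class="mail-body">' + body + "</div>"


def render_encoded(body):
    # Output encoding at render time: <, >, &, " and ' become entities.
    return '<div class="mail-body">' + html.escape(body, quote=True) + "</div>"


def audit_bodies(bodies):
    """Return ids of stored messages whose body contains parseable markup."""
    return sorted(mid for mid, body in bodies.items() if live_tags(body))


if __name__ == "__main__":
    print("messages carrying markup:", audit_bodies(STORED_BODIES))
    for mid, body in STORED_BODIES.items():
        print(mid, live_tags(render_vulnerable(body)), live_tags(render_encoded(body)))
```

Message 103 contains a bare `<` but no element, so the audit does not flag it, and encoding still renders it correctly as text.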



Initial Email Sent: 21 May 2020 — No response
Followup 2: 25 May 2020 — No response
Followup 3: 26 May 2020 — No response
CVE Generated: 26 May 2020
Followup 4: 08 June 2020 — No response
Published: 09 June 2020
