CVE-2020-13480:Verint Workforce Optimization : HTML Injection

Vulnerable Software: Verint Workforce Optimization (WFO)

Affected Version: 15.2

Vendor Homepage:

CVE: CVE-2020-13480

CVE Author: Tejas Nitin Pingulkar

Exploit Available: POC Available

About Affected Software

Verint Workforce Optimization is a suite of unified software and services for capturing interactions and managing the performance of employees across the enterprise or in targeted areas of your business, including:
  • Back-office operations
  • Branch operations
  • Contact centers
  • Financial trading rooms


Additional Information

Verint WFO application provides functionality to send receive emails within application. However application fails to sanitize user input.


1. Open send email function 

2. Write your payload inside body


CVE-2020-13480:Verint Workforce Optimization : HTML Injection

One thought on “CVE-2020-13480:Verint Workforce Optimization : HTML Injection

  1. Pingback:

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top