CVE-2022-37462

2023-04-1000:00:00

mitre

www.cve.org

cve-2022-37462

cross-site scripting

chat gadget

remote attackers

injection

file-upload

EPSS

0.001

Percentile

41.4%

JSON

A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details.

References

www.campusguard.com/post/going-beyond-pen-testing-to-identify-zero-day-exploits

www.upstreamworks.com/support/notifications/

EPSS

0.001

Percentile

41.4%

JSON

Related for CVELIST:CVE-2022-37462