Lucene search

[email protected]NVD:CVE-2022-37775

HistorySep 16, 2022 - 5:15 p.m.

CVE-2022-37775

2022-09-1617:15:12

CWE-79

[email protected]

web.nvd.nist.gov

genesys

pureconnect

xss

vulnerability

printable chat history

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

46.4%

JSON

Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26- September- 2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter.

Affected configurations

Nvd

Node

genesyspureconnectRange≤2022-09-26

VendorProductVersionCPE
genesyspureconnect*cpe:2.3:a:genesys:pureconnect:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
genesys	pureconnect	*	cpe:2.3:a:genesys:pureconnect::::::::

References

genesys.com

packetstormsecurity.com/files/168410/Genesys-PureConnect-Cross-Site-Scripting.html

cxsecurity.com/issue/WLB-2022090038

help.genesys.com/pureconnect/mergedprojects/wh_tr/desktop/pdfs/web_tools_dg.pdf

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

46.4%

JSON

Related for NVD:CVE-2022-37775

cvelist1 packetstorm1 cve1 prion1 zdt1