9 matches found
CVE-2025-59902
HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system...
CVE-2025-59902
CVE-2025-59902 is an HTML-injection vulnerability in NICE Chat. Attacker-controlled input in firstName/lastName can inject HTML into email transcripts, enabling phishing or impersonation. Affected information is shared across multiple vendors (NVD, Red Hat, EU ENISA, CVE lists) with no explicit v...
EUVD-2025-206732
HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system...
CVE-2025-59902 HTML injection in NICE Chat
HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system...
CVE-2025-59902
HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system...
PT-2026-5927
Name of the Vulnerable Software and Affected Versions NICE Chat affected versions not specified Description An HTML injection issue exists in NICE Chat. The issue allows an attacker to inject and display arbitrary HTML content within email transcripts. This is achieved by manipulating the firstNa...
CVE-2025-11952
Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...
EUVD-2025-35339
Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...
YamaTough Hacker Demanded $50,000 for not releasing Stolen Symantec Source Code
YamaTough Hacker Demanded $50,000 for not releasing Stolen Symantec Source Code According to email transcripts posted to Pastebin yesterday, and confirmed by the company, a group of hackers attempted to extort $50,000 from Symantec in exchange for not releasing its stolen PCAnywhere and Norton...