EUVD-2022-40087

Malicious code in bioql PyPI...

The vulnerability of the Chat gadget component of the UWF Agent Desktop software for multi-channel contact centers allows a hacker to perform cross-site scripting attacks.

The vulnerability of the Chat Gadget component of the UWF Agent Desktop software for multi-channel contact centers in the Upstream Works on Finesse environment is related to the lack of protective measures taken when creating links for downloading additional files. Exploiting this vulnerability...

CVE-2022-37462

A stored Cross-Site Scripting XSS vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details...

Cross site scripting

A stored Cross-Site Scripting XSS vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details...

CVE-2022-37462

A stored Cross-Site Scripting XSS vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details...

PT-2022-6641 · Cisco · Upstream Works Agent Desktop For Cisco Finesse

Name of the Vulnerable Software and Affected Versions: Upstream Works Agent Desktop for Cisco Finesse versions 4.2.12 and earlier, 5.0 Description: A stored Cross-Site Scripting XSS issue in the Chat gadget allows remote attackers to inject arbitrary web script or HTML via the AttachmentId in the...