3 matches found
CVE-2022-37462
A stored Cross-Site Scripting XSS vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details...
CVE-2022-37462
A stored Cross-Site Scripting XSS vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details...
CVE-2022-37462
CVE-2022-37462 describes a stored XSS in the Chat gadget of Upstream Works Agent Desktop for Cisco Finesse via the AttachmentId in file-upload details. Affected: Upstream Works Agent Desktop for Cisco Finesse versions 4.2.12 and earlier, and 5.0. Root cause: insecure handling of AttachmentId in f...