Workforce Optimization Security Vulnerabilities

CVE-2020-13480

Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature.

CVE-2020-23446

Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API

CVE-2021-36450

Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.

CVE-2021-41825

Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter.

CVE-2024-36395

Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVE-2024-36396

Verint - CWE-434: Unrestricted Upload of File with Dangerous Type