3 matches found
CVE-2019-12784
Verint Impact 360 15.1 (wfo/control/signin) has a login form that accepts submissions from external websites, enabling a possible cross-site flow that, together with CVE-2019-12783, could be used to crowdsource bruteforce login attempts against valid credentials without originating traffic from t...
CVE-2019-12783
CVE-2019-12783 (Verint Impact 360 15.1) is an open redirect at wfo/control/signin where the rd parameter can accept a URL, enabling redirection after login. When paired with CVE-2019-12784 (external submissions in the login form), this can be used to crowdsource bruteforce login attempts on the t...
CVE-2019-12773
The CVE-2019-12773 issue affects Verint Impact 360 15.1, specifically the wfo/help/help_popup.jsp page where the helpURL parameter can be manipulated to embed arbitrary content inside an iframe. Root cause is improper handling of the helpURL parameter, enabling an attacker to craft a link that co...