6 matches found
CVE-2024-36396
Verified details for CVE-2024-36396 show an affected Verint product: Verint Workforce Optimization (WFO). The vulnerability is CWE-434: Unrestricted Upload of File with Dangerous Type, rooted in a code issue in Verint WFO version 15.2.918.262. This could allow uploading dangerous files via the im...
CVE-2021-36450
Verint Workforce Optimization (WFO) 15.2.8.10048 is vulnerable to Cross-Site Scripting via the control/my_notifications NEWUINAV parameter. The root cause is improper validation/output handling that allows injection of script code, potentially enabling browser-based attacks such as session hijack...
CVE-2024-36395
Verint Workforce Optimization (WFO) is affected by a cross-site scripting (XSS) vulnerability (CWE-80) caused by improper neutralization of script-related HTML tags in web pages. The CNNVD entry cites Verint WFO version 15.2.918.262 as affected. Root cause: improper HTML/script tag handling. Impa...
CVE-2021-41825
Verint Workforce Optimization (WFO) 15.2.5.1033 contains an HTML injection vulnerability in the /wfo/control/signin username parameter. The issue is documented across multiple sources (NVD/CVE and Red Hat advisories) and is confirmed by connected records. The root cause is an HTML injection flaw ...
CVE-2020-13480
The connected records confirm CVE-2020-13480 affects Verint Workforce Optimization (WFO) version 15.2 and is caused by HTML injection via the Send Email feature. The vulnerability details indicate an injection in a functional path that could affect email composition/handling within WFO. No exploi...
CVE-2020-23446
CVE-2020-23446 affects Verint Workforce Optimization suite 15.1 (15.1.0.37634), with an Unauthenticated Information Disclosure via API. The connected sources consistently describe a vulnerable API surface that can leak information without authentication. No exploit specifics or vendor-mitigations...