Luis Eduardo Jácome V

**Name of the Vulnerable Software and Affected Versions** Genesys PureEngage Digital (eServices) version 8.1.x **Description** The issue allows for XSS attacks through specific JSP files, namely HtmlChatPanel.jsp or HtmlChatFrameSet.jsp, by manipulating certain parameters. These parameters include `ActionColor`, `ClientNickNameColor`, `Email`, `email`, or `email address`. **Recommendations** For Genesys PureEngage Digital (eServices) version 8.1.x, consider restricting access to the HtmlChatPanel.jsp and HtmlChatFrameSet.jsp files until a patch is available. As a temporary workaround, avoid using the parameters `ActionColor`, `ClientNickNameColor`, `Email`, `email`, or `email address` in the affected API endpoints.