Verint · Verba · CVE-2026-21730
**Name of the Vulnerable Software and Affected Versions**
Verba versions prior to 10.0.6
**Description**
A Stored Cross-Site Scripting (XSS) issue exists in the login logging mechanism. An unauthenticated remote attacker can inject a malicious payload into the `username` field during a failed login attempt. Because the application fails to sanitize this input, the payload is stored in the logs and subsequently executed in the administrator's browser when they access the log viewer.
**Recommendations**
Update to version 10.0.6.