PT-2022-24065 · Genesys · Genesys Pureconnect Interaction Web Tools Chat Service
Jake Murphy · Published 2022-09-16 · Updated 2022-09-20
CVE-2022-37775
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Genesys PureConnect Interaction Web Tools Chat Service versions prior to at least 26-September-2019
Description
The issue allows XSS within the Printable Chat History via the participant -> name JSON POST parameter. This enables potential attackers to inject malicious scripts into the chat history, which could lead to unauthorized actions or data exposure.
Recommendations
For Genesys PureConnect Interaction Web Tools Chat Service versions prior to at least 26-September-2019, as a temporary workaround, consider restricting access to the Printable Chat History feature until a patch is available. Additionally, avoid using the participant -> name JSON POST parameter in the affected service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Affected Products
Genesys Pureconnect Interaction Web Tools Chat Service