PT-2026-40928 · Verint · Verba+1
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Verba versions prior to 10.0.6
Description
A Stored Cross-Site Scripting (XSS) issue exists in the login logging mechanism. An unauthenticated remote attacker can inject a malicious payload into the
username field during a failed login attempt. Because the application fails to sanitize this input, the payload is stored in the logs and subsequently executed in the administrator's browser when they access the log viewer.Recommendations
Update to version 10.0.6.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Verba
Verba Collaboration Compliance/Quality Management Platform