CVE-2025-59902

Name of the Vulnerable Software and Affected Versions NICE Chat (affected versions not specified)

Description An HTML injection issue exists in NICE Chat. The issue allows an attacker to inject and display arbitrary HTML content within email transcripts. This is achieved by manipulating the firstName and lastName parameters during a chat session. The injected HTML appears in the email body sent by the system, potentially enabling phishing attacks, impersonation, or credential theft.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.