Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26- September- 2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter.
References
Link | Resource |
---|---|
http://genesys.com | Product |
http://packetstormsecurity.com/files/168410/Genesys-PureConnect-Cross-Site-Scripting.html | Exploit Third Party Advisory |
https://cxsecurity.com/issue/WLB-2022090038 | Exploit Third Party Advisory |
https://help.genesys.com/pureconnect/mergedprojects/wh_tr/desktop/pdfs/web_tools_dg.pdf | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-09-16T16:11:39
Updated: 2022-09-19T16:06:14
Reserved: 2022-08-08T00:00:00
Link: CVE-2022-37775
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-16T17:15:12.727
Modified: 2022-09-20T18:27:25.687
Link: CVE-2022-37775
JSON object: View
Redhat Information
No data.
CWE