Verint Impact 360 15.1 Script Insertion / HTML Injection
Posted by deepcore on July 16, 2020 – 12:03 am
Verint Impact 360 version 15.1 has an issue where the helpURL parameter in wfo/help/help_popup.jsp can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product is installed, given the attacker can convince a victim to visit a crafted link.
Post a reply
You must be logged in to post a comment.