CVE-2019-12773
Summary
| CVE | CVE-2019-12773 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-07-14 20:15:00 UTC |
| Updated | 2020-07-16 19:43:00 UTC |
| Description | An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product is installed, given the attacker can convince a victim to visit a crafted link. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Verint | Impact 360 | 15.1 | All | All | All |
| Application | Verint | Impact 360 | 15.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Verint Impact 360 15.1 Script Insertion / HTML Injection ≈ Packet Storm | MISC | packetstormsecurity.com | Third Party Advisory, VDB Entry |
| Full Disclosure: Verint Impact 360 Open iFrame | MISC | seclists.org | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.