
Cross Site Scripting (XSS)

CVE-2021-36450 — Cross Site Scripting (XSS)

Affected Product : Verint Workforce Optimization (WFO)
Affected Version : Verint 15.2 (15.2.8.10048)
Vulnerability : Cross Site Scripting (XSS)
Vendor Homepage : https://www.verint.com
CVE : CVE-2021-36450
CVE Author : Sushant Vitthal Kamble
Exploit Available : POC Available

About the Affected Software :
Workforce Optimization (WFO) is a unified suite of cloud solutions for capturing interactions and managing the performance of employees across the enterprise. WFO can help you improve customer experience, scheduling, and operational efficiency by providing appropriate staffing levels and empowering employees.

Affected URL : https://vulnerable_site/wfo/control/my_notifications?NEWUINAV=

Steps to reproduce :
1. An attacker needs to put the malicious payload in the parameter NEWUINAV. The URL to be submitted would look like the one below:
https://vulnerable_site/wfo/control/my_notifications?NEWUINAV= "><script>alert(document.cookie)<
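
For a reflected parameter such as NEWUINAV, the defensive counterpart is contextual output encoding where the value is echoed, plus validation of the incoming value. The sketch below is an added example, not code from Verint or from the advisory author; it assumes the value is reflected into a double-quoted HTML attribute (which the leading `">` of the PoC suggests), and the templates, the `NAV_TOKEN` allowlist and the `app.example.test` host are hypothetical.

```javascript
// Added example, not Verint code. Assumption: NEWUINAV is echoed into a
// double-quoted HTML attribute; the product's real template is not on the page.

// Encode the characters that can close an attribute value or open a tag.
function encodeHtmlAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// "Before": raw concatenation, so a quote in the value ends the attribute.
function renderUnsafe(nav) {
  return '<input type="hidden" name="NEWUINAV" value="' + nav + '">';
}

// "After": the same (hypothetical) template with contextual output encoding.
function renderSafe(nav) {
  return '<input type="hidden" name="NEWUINAV" value="' + encodeHtmlAttr(nav) + '">';
}

// Hypothetical allowlist: a navigation flag is expected to be a short token.
const NAV_TOKEN = /^[A-Za-z0-9_-]{0,32}$/;

// Input validation / log triage: true when the decoded NEWUINAV value
// falls outside the allowlist (for example, contains quotes or brackets).
function isSuspiciousRequest(url) {
  const nav = new URL(url).searchParams.get('NEWUINAV');
  return nav !== null && !NAV_TOKEN.test(nav);
}

// Value as it appears (truncated) in the advisory above.
const PAGE_VALUE = '"><script>alert(document.cookie)<';
// Constructed request URL; app.example.test is a placeholder host.
const SAMPLE_URL = 'https://app.example.test/wfo/control/my_notifications?NEWUINAV=' +
  encodeURIComponent(PAGE_VALUE);

console.log(renderUnsafe(PAGE_VALUE)); // markup escapes the attribute
console.log(renderSafe(PAGE_VALUE));   // value stays inert text
console.log(isSuspiciousRequest(SAMPLE_URL));
```

The same `isSuspiciousRequest` check can be run over web access logs to find earlier requests that carried markup in NEWUINAV.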