CVE-2021-36450
Published 2021-12-15
CVE-2021-36450: Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.
Priority: P3 · 57 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 68.86% (99.3th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| verint | workforce_optimization | — | — |
Detection & IOCs (extracted from sources)
url: /wfo/control/signin?rd=%2Fwfo%2Fcontrol%2Fmy_notifications%3FNEWUINAV%3D%22%3E%3Ch1%3ETest%3C%2Fh1%3E26
url: /wfo/control/signin?rd=%2Fwfo%2Fcontrol%2Fmy_notifications%3FNEWUINAV%3D%22%3E%3Ch1%3ETest%3Ch1%3E%26
path: /wfo/control/signin
- Shodan/FOFA fingerprint for identifying exposed Verint WFO instances: search for login page title 'Verint Sign-in'.
- FOFA query to identify Verint WFO instances: title="verint sign-in".
- Google dork to identify Verint WFO instances: intitle:"verint sign-in".
- The POST body to the signin endpoint includes browserCheckEnabled, username, and csrfp_login fields; the CSRF token is extracted via regex from the Set-Cookie header: csrfp_login=([a-zA-Z0-9]+);
- CSRF token extraction regex from response header for chaining the two-step exploit: csrfp_login=([a-zA-Z0-9]+);
- Content-Type for the POST exploitation request must be application/x-www-form-urlencoded.
- Exploitation is a two-step process: first a GET to extract the csrfp_login CSRF token from the Set-Cookie header, then a POST to the signin endpoint with the token and the XSS payload embedded in the 'rd' redirect parameter targeting NEWUINAV.
- The vulnerability is confirmed only on Verint Workforce Optimization version 15.2.8.10048; other versions are not confirmed vulnerable by the available sources.
- Detection requires following up to 2 redirects after the POST request to observe the reflected XSS payload in the final response body.
CVSS provenance
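| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |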
No detection rules found.
Nuclei
Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting
nuclei · CVSS 6.1
CVE-2021-36450 [MEDIUM] Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting
Verint Workforce Optimization 15.2.8.10048 contains a cross-site scripting vulnerability via the control/my_notifications NEWUINAV parameter.
Template:
```yaml
id: CVE-2021-36450

info:
  name: Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting
  author: atomiczsec
  severity: medium
  description: Verint Workforce Optimization 15.2.8.10048 contains a cross-site scripting vulnerability via the control/my_notifications NEWUINAV parameter.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Apply the latest security patch or upgrade to a non-vulnerab
```
No writeups or analysis indexed.
- http://verint.com
- https://medium.com/%401nf0sk/cve-2021-36450-cross-site-scripting-xss-6f5d8d7db740
- https://sushantvkamble.blogspot.com/2021/11/cross-site-scripting-xss.html