cbcvebase.

Verint Workforce Optimization vulnerabilities

6 known vulnerabilities affecting verint/workforce_optimization.

Total CVEs
6
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2021-36450P3MEDIUMCVSS 6.1PoCv15.2.8.100482021-12-15
CVE-2021-36450 [MEDIUM] CWE-79 CVE-2021-36450: Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINA Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.
nvd
CVE-2024-36396P3HIGHCVSS 8.8fixed in 15.2.10302024-06-13
CVE-2024-36396 [HIGH] CWE-434 CVE-2024-36396: Verint - CWE-434: Unrestricted Upload of File with Dangerous Type Verint - CWE-434: Unrestricted Upload of File with Dangerous Type
nvd
CVE-2021-41825P4MEDIUMCVSS 5.3v15.2.5.10332021-10-08
CVE-2021-41825 [MEDIUM] CWE-79 CVE-2021-41825: Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin us Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter.
nvd
CVE-2020-13480P4MEDIUMCVSS 5.4v15.22020-06-22
CVE-2020-13480 [MEDIUM] CWE-79 CVE-2020-13480: Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature. Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature.
nvd
CVE-2020-23446P4MEDIUMCVSS 5.3v15.1.0.376342020-09-22
CVE-2020-23446 [MEDIUM] CWE-639 CVE-2020-23446: Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure v Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API
nvd
CVE-2024-36395P4MEDIUMCVSS 6.1v15.2.918.2622024-06-13
CVE-2024-36395 [MEDIUM] CWE-80 CVE-2024-36395: Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
nvd
Verint Workforce Optimization vulnerabilities | cvebase