[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cross Site Scripting Vulnerability In Verint Impact 360


* Title : Cross Site Scripting Vulnerability In Verint Impact 360
* Author: Sanehdeep Singh
* Plugin Homepage: http://www.verint.com 
* Severity: Medium
* Version Affected: 11.1
* Version patched: Patches available. Contact Vendor


About the Product
Verint Impact 360 is a quality monitoring/call recording, workforce management, performance management, and eLearning help optimize business operations, customer relationships,and personnel enterprise-wide application. 

Vulnerable Parameter 

Send Message > Select Employee >

requiredPrivilegeIDs= XSS Payload

About Vulnerability
Verint Impact 360 application is vulnerable to a  Cross Site Scripting Vulnerability which allows an attacker to perform the phishing or session hijaking attacks. Attackers can redirect the user to fake page to obtain the username and passwords or inject scripts to steal the cookies which can lead to session hijacking attacks.

Vulnerability Class
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)

#Live Poc URL

Contact Verint team for Mitigation.

29-August-2016 Reported to Verint Team
* Sanehdeep  Singh 
* Senior Consultant
* ControlCase International Pvt Ltd.