Verint: Security Vulnerabilities
Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of input sanitization, an attacker can inject a malicious XSS payload into the username field. This payload will be executed in the context of the administrator’s browser when the admin accesses the web application's log viewer. The vendor was notified early about this vulnerability, but didn't respond to our messages. This issue was fixed in version 10.0.6.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-05-14
Verint - CWE-434: Unrestricted Upload of File with Dangerous Type
CVSS Score
8.8
EPSS Score
0.002
Published
2024-06-13
Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVSS Score
6.1
EPSS Score
0.002
Published
2024-06-13
Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-08-02
The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-10-20
Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.
CVSS Score
6.1
EPSS Score
0.201
Published
2021-12-15
Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter.
CVSS Score
5.3
EPSS Score
0.004
Published
2021-10-08
Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API.
CVSS Score
5.3
EPSS Score
0.005
Published
2020-09-22
Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not require any authentication.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-08-21
A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42 units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-08-21



Shodan ® - All rights reserved