Home / os / winnt

Verint Impact 360 15.1 Script Insertion / HTML Injection

Posted on 15 July 2020

Verint Impact 360 version 15.1 has an issue where the helpURL parameter in wfo/help/help_popup.jsp can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product is installed, given the attacker can convince a victim to visit a crafted link.

 

TOP

Malware :

Exploits :