Genesys

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-70420 1Genesys 1Latitude May 13, 2026 Apr 21, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-su...Show more A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements.Show less
CVE-2023-23208 1Genesys 1Administrator Extension Nov 21, 2024 Aug 13, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261.
CVE-2023-29930 1Genesys 1Tftp Server Jan 27, 2025 May 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page.
CVE-2022-37775 1Genesys 1Pureconnect Nov 21, 2024 Sep 16, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26- September- 2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter.
CVE-2021-26787 1Genesys 1Workforce Management Nov 21, 2024 Dec 15, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur (during record deletion) via the Time-off parameter.
CVE-2021-40861 1Genesys 1Intelligent Workload Distribution Manager Nov 21, 2024 Dec 8, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the d...Show more A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine.Show less
CVE-2021-40860 1Genesys 1Intelligent Workload Distribution Manager Nov 21, 2024 Dec 8, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression parameter, with which al...Show more A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression parameter, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine.Show less
CVE-2019-17176 1Genesys 1Eservices Chat Nov 21, 2024 Oct 11, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter).