Verint

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-21730 1Verint 1Verba Collaboration Compliance And Quality Management Platform Jun 1, 2026 May 14, 2026 5.3 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination,...Show more Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of input sanitization, an attacker can inject a malicious XSS payload into the username field. This payload will be executed in the context of the administrator’s browser when the admin accesses the web application's log viewer. The vendor was notified early about this vulnerability, but didn't respond to our messages. This issue was fixed in version 10.0.6Show less
CVE-2024-36396 1Verint 1Workforce Optimization Nov 21, 2024 Jun 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Verint - CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-36395 1Verint 1Workforce Optimization Nov 21, 2024 Jun 13, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2023-33257 1Verint 1Engagement Management Nov 21, 2024 Aug 2, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat.
CVE-2020-12744 1Verint 1Desktop And Process Analytics May 8, 2025 Oct 20, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair.
CVE-2021-36450 1Verint 1Workforce Optimization Nov 21, 2024 Dec 15, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.
CVE-2021-41825 1Verint 1Workforce Optimization Nov 21, 2024 Oct 8, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter.
CVE-2020-23446 1Verint 1Workforce Optimization Nov 21, 2024 Sep 22, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API
CVE-2020-24057 1Verint 1S5120fd Firmware Nov 21, 2024 Aug 21, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection....Show more The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as 'root'.Show less
CVE-2020-24056 1Verint 34320 Firmware 5620ptz FirmwareS5120fd Firmware Nov 21, 2024 Aug 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP...Show more A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols.Show less
CVE-2020-24055 1Verint 24320 Firmware 5620ptz Firmware Nov 21, 2024 Aug 21, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vuln...Show more Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not require any authentication.Show less
CVE-2019-12784 1Verint 1Impact 360 Nov 21, 2024 Jul 14, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" b...Show more An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.Show less
CVE-2019-12783 1Verint 1Impact 360 Nov 21, 2024 Jul 14, 2020 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be use...Show more An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.Show less
CVE-2019-12773 1Verint 1Impact 360 Nov 21, 2024 Jul 14, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engine...Show more An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product is installed, given the attacker can convince a victim to visit a crafted link.Show less
CVE-2020-13480 1Verint 1Workforce Optimization Nov 21, 2024 Jun 22, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature.
CVE-2018-17872 1Verint 2Collaboration Compliance Quality Management Platform Nov 21, 2024 Oct 4, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions.
CVE-2018-17871 1Verint 1Verba Collaboration Compliance And Quality Management Platform Nov 21, 2024 Oct 4, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Incorrect Access Control.