Posts

Showing posts from June, 2020

CVE-2020-13480-Verint-HTML Injection

Vulnerable Software: Verint Workforce Optimization (WFO)
Vulnerability: HTML Injection
Affected Version: 15.2
Vendor Homepage: https://www.verint.com
CVE: CVE-2020-13480
CVE Author: Tejas Nitin Pingulkar
Exploit Available: POC Available

About Affected Software

Verint Workforce Optimization is a suite of unified software and services for capturing interactions and managing the performance of employees across the enterprise or in targeted areas of your business, including: back-office operations, branch operations, contact centers, financial trading rooms.

Additional Information

The Verint WFO application provides functionality to send and receive emails within the application. However, the application fails to sanitize user input.

Exploit:
1. Open the send email function
2. Write your payload inside the body

POC:

Timeline:
Initial Email Sent: 21 May 2020 — No response
Followup 2: 25 May 2020 — No response
Followup 3: 26 May 2020 — No response
CVE Generated: 26 May 2020
Followup 4: 08 June 2020 — No