
CVSS: 6.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

13 Aug 2023 — Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261. • https://docs.genesys.com/Documentation/RN/9.0.x/gax90rn/gax9010515 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 May 2023 — An issue in the Genesys CIC Polycom phone provisioning TFTP Server, all versions, allows a remote attacker to execute arbitrary code via the login credentials to the TFTP server configuration page. • https://github.com/YSaxon/TFTPlunder • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 3

16 Sep 2022 — Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26-September-2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter. Genesys PureConnect as of their build on 08-October-2020 suffers from a cross site scri... • https://packetstorm.news/files/id/168410 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Dec 2021 — A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur (during record deletion) via the Time-off parameter. • http://genesys.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

08 Dec 2021 — A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine. • https://docs.genesys.com/Documentation/IWD • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

08 Dec 2021 — A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression parameter, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine. • https://docs.genesys.com/Documentation/IWD • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

11 Oct 2019 — Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter). • https://gist.github.com/MortalP0ison/5fd584b4c85fa13281fdc918913446fa • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')