// For flags

CVE-2022-37775

Genesys PureConnect Cross Site Scripting

Severity Score

6.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26- September- 2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter.

El servicio de chat de Genesys PureConnect Interaction Web Tools (hasta al menos el 26 de septiembre de 2019) permite un ataque de tipo XSS dentro del historial de chat imprimible por medio del parĂ¡metro POST JSON del participante -) name

Genesys PureConnect as of their build on 08-October-2020 suffers from a cross site scripting vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-08-08 CVE Reserved
  • 2022-09-16 CVE Published
  • 2022-09-19 First Exploit
  • 2024-08-03 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Genesys
Search vendor "Genesys"
 Pureconnect
Search vendor "Genesys" for product "Pureconnect"
 <= 2022-09-26
Search vendor "Genesys" for product "Pureconnect" and version " <= 2022-09-26"
-
Affected