CVE-2026-21730— Stored XSS in Verba

Stored XSS in Verba

Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of input sanitization, an attacker can inject a malicious XSS payload into the username field. This payload will be executed in the context of the administrator’s browser when the admin accesses the web application's log viewer. The vendor was notified early about this vulnerability, but didn't respond to our messages. This issue was fixed in version 10.0.6

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Verint Verba 跨站脚本漏洞

Verint Verba是美国Verint公司的一个企业级合规通信记录与交互归档平台。 Verint Verba存在跨站脚本漏洞，该漏洞源于登录日志记录机制中缺乏输入清理，可能导致未经身份验证的远程攻击者在尝试使用错误的用户名和密码组合登录时，在用户名字段中注入恶意XSS有效载荷，该有效载荷在管理员访问Web应用程序日志查看器时在管理员浏览器环境中执行。

N/A

N/A