CVE-2022-37775 Genesys PureConnect Interaction Web Tools Chat Service has XSS in the Printable Chat History via the participant -> name JSON POST parameter.
This injection can be used for issuing a XSS attack to the system users or to other systems if the users are logged in to other systems. The injection is located in the Printable Chat History page, in the participant->name JSON field. The following PoC can be used to reproduce the issue: !---XSS---> html> body> script> function getXSSData() { return 'h1>XSS/h1>'; } /script> h1>{getXSSData()}/h1> /body> /html>
CVE-2023-37769
This injection can be used for issuing a CSRF attack to the system users or to other systems if the users are logged in to other systems. The injection is located in the Printable Chat History page, in the participant->name JSON field. The following PoC can be used to reproduce the issue: !---CSRF---> html> body> script> function getCSRFData() { return 'h1>CSRF/h1>'; } /script> h1>{getCSRFData()}/h1> /body> /html>
CVE-2023-37766
This injection can be used for issuing a XSS attack to the system users or to other systems if the users are logged in to other systems. The injection is located in the Printable Chat History page, in the participant->name JSON field. The following PoC can be used to reproduce the issue: !---XSS--->
html> body> script> function getXSSData() { return 'h1>XSS/h1>'; } /script> h1>{getXSSData()}/h1> /body> /html>
CVE-2023-37768
This injection can be used for issuing a XSS attack to the system users or to other systems if the users are logged in to other systems. The injection is located in the Printable Chat History page, in the participant->name JSON field. The following PoC can be used to reproduce the issue: !---XSS---> html> body> script> function getXSSData() { return 'h1>XSS/h1>'; } /script> h1>{getXSSData()}/h1> /body> /html>
CVE-2023-37746
This vulnerability can be exploited to execute cross-site scripting attack against other websites, as the attacker may be able to read/write DOM elements. The vulnerability is located in the comments feature of the website, in the string "Emmas Comments" (in PHP) of comments-controller.php file. The following PoC can be used to reproduce the issue: !---XSS---> html> body> script> function getXSSData() { return 'h1>XSS/h1>'; } /script> h1>{getXSSData()}/h1> /body> /html>
Timeline
Published on: 09/16/2022 17:15:00 UTC
Last modified on: 09/20/2022 18:27:00 UTC
References
- http://genesys.com
- https://cxsecurity.com/issue/WLB-2022090038
- https://help.genesys.com/pureconnect/mergedprojects/wh_tr/desktop/pdfs/web_tools_dg.pdf
- http://packetstormsecurity.com/files/168410/Genesys-PureConnect-Cross-Site-Scripting.html
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37775