← back
CVE-2022-37462

CVE-2022-37462

CVSS 5.4 MEDIUMEPSS 0.6%CWE-79
A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.campusguard.com/post/going-beyond-pen-testing-to-identify-zero-day-exploitshttps://www.upstreamworks.com/support/notifications/