Message-Id: <201611081809.uA8I95oH024726@sf01web3.securityfocus.com>
Date: Tue, 8 Nov 2016 18:09:05 GMT
From: sanehsingh@...trolcase.com
To: bugtraq@...urityfocus.com
Subject: URL Redirection Vulnerability In Verint Impact 360

URL Redirection Vulnerability In Verint Impact 360

Overview
========

* Title : URL Redirection Vulnerability In Verint Impact 360
* Author: Sanehdeep Singh
* Plugin Homepage: http://www.verint.com
* Severity: Medium
* Version Affected: 11.1
* Version patched: Patches available. Contact Vendor

Description
===========

About the Product
=================

Verint Impact 360 is a quality monitoring/call recording, workforce management, performance management, and eLearning enterprise-wide application that helps optimize business operations, customer relationships, and personnel.

Vulnerable Parameter
--------------------

UserSettings_Frames.aspx?returl=URL

About Vulnerability
-------------------

The Verint Impact 360 application is vulnerable to a URL redirection vulnerability. This type of vulnerability could be used to accomplish a phishing attack or redirect a victim to an infection page.

#Live PoC URL

https://XXX/Ultra/Settings/UserSettings_Frames.aspx?returl=/Ultra/HomePage_Frames.aspx

Mitigation
==========

Contact the Verint team for mitigation.

Disclosure
==========

29-August-2016 Reported to Verint Team

Credits
=======

* Sanehdeep Singh
* Senior Consultant
* ControlCase International Pvt Ltd.
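
A log-review check for the `returl` parameter named in the advisory above, added here as an example; it is not part of the original post and not vendor code. The function names, the case-insensitive path match and the sample request targets are assumptions made for illustration; only the page path and parameter name come from the advisory.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Page and parameter named in the advisory (path compared case-insensitively, an assumption).
TARGET_PAGE = "/ultra/settings/usersettings_frames.aspx"
PARAM = "returl"

def is_local_returl(value: str) -> bool:
    """True only for a same-site, path-absolute target such as /Ultra/HomePage_Frames.aspx."""
    v = unquote(value)  # undo a second layer of percent-encoding before checking
    if not v.startswith("/"):
        return False  # absolute URLs and anything that is not a path on this site
    if v.startswith("//") or v.startswith("/\\"):
        return False  # browsers read these as a reference to another host
    if any(ord(c) < 0x20 or c == "\\" for c in v):
        return False  # control characters and backslashes are normalised inconsistently
    parts = urlsplit(v)
    return parts.scheme == "" and parts.netloc == ""

def flag_offsite_redirects(request_targets):
    """Return request targets that hit the page with a returl value leaving the site."""
    flagged = []
    for target in request_targets:
        parts = urlsplit(target)
        if parts.path.lower() != TARGET_PAGE:
            continue
        values = [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
                  if k.lower() == PARAM and v]
        if any(not is_local_returl(v) for v in values):
            flagged.append(target)
    return flagged

# Constructed sample request targets (not taken from any real log).
SAMPLE = [
    "/Ultra/Settings/UserSettings_Frames.aspx?returl=/Ultra/HomePage_Frames.aspx",
    "/Ultra/Settings/UserSettings_Frames.aspx?returl=https://other.example/login",
    "/Ultra/Settings/UserSettings_Frames.aspx?returl=//other.example/",
    "/Ultra/Settings/UserSettings_Frames.aspx?returl=%2F%5Cother.example",
    "/Ultra/HomePage_Frames.aspx",
]

if __name__ == "__main__":
    for hit in flag_offsite_redirects(SAMPLE):
        print("off-site returl:", hit)
```

The same `is_local_returl` rule can serve as an interim filter at a reverse proxy or WAF while the vendor patch is being obtained.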