A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse up to and including 4.2.12 and 5.0 allows remote malicious users to inject arbitrary web script or HTML via AttachmentId in the file-upload details.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
upstreamworks upstream works on finesse |