Nuance Digital Engagement Platform Cross-Site Scripting Vulnerability Allowing Spoofing
Vulnerability
A cross-site scripting vulnerability has been identified in the Nuance Digital Engagement Platform. This issue arises from improper input neutralization during web page generation, allowing an authorized attacker to inject malicious scripts. These scripts can be executed in the context of the victim's browser, potentially leading to spoofing attacks over the network.
Impact
Exploitation of this vulnerability could allow an authorized attacker to inject malicious JavaScript that is executed in the context of the victim's browser. This could be used to read information from the victim's browser related to the vulnerable URL and send it to the attacker, facilitating spoofing attacks.
Remediation
Affected customers are advised to enable the 'Block XSS' option in their program's configuration settings to prevent JavaScript injection. All impacted customers have been notified by the Nuance team to make this update.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.