NICE Chat HTML Injection Vulnerability

Vulnerability

A vulnerability allowing HTML injection has been identified in NICE Chat, a customer service and contact center solution. This issue arises from the ability to manipulate the 'firstName' and 'lastName' parameters during a chat session, injecting arbitrary HTML that is later rendered in email transcripts. The injected HTML can be exploited to conduct phishing attacks, impersonate individuals, or steal credentials.

Impact

Exploitation of this vulnerability could lead to HTML injection in email transcripts, potentially allowing for phishing attacks, impersonation, or credential theft.

Added: Feb 3, 2026, 10:19 AM

Updated: Feb 3, 2026, 5:34 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.4

exploitability

4.8

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.4

exploitability

4.8

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NICE Chat HTML Injection Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating