EUVD-2025-206732

ID: EUVD-2025-206732

Severity: high

CVSS v4: 7.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system, which could enable phishing attacks, impersonation, or credential theft.

Timestamps

Normalized: 2026-02-03T23:24:33Z UTC
Last updated: 2026-02-03T23:24:33Z UTC

References

No references provided.

VulnAI

EUVD-2025-206732

Description

Timestamps

References