Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
Administrator Extension
NVD
CVSS 3.1
6.1
EPSS
0.3%
Vulnerability of permission control in the window management module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Privilege Escalation
Microsoft
Emui
Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.3%