NICE Chat. This CVE-2025-59902
Lifecycle Timeline
2DescriptionCVE.org
HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system, which could enable phishing attacks, impersonation, or credential theft.
AnalysisAI
HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session.
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects NICE Chat. This vulnerability. HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system, which could enable phishing attacks, impersonation, or credential theft.
Affected ProductsAI
Product: NICE Chat. This vulnerability.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today