CVE-2026-21730: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Verint Verba
CVE-2026-21730 is a stored Cross-Site Scripting (XSS) vulnerability in Verint Verba affecting the login logging mechanism. An unauthenticated attacker can inject malicious script code into the username field during failed login attempts. This malicious payload is stored in application logs and executed in the administrator's browser when viewing these logs. The vulnerability was fixed in version 10. 0. 6. The CVSS score is 5. 3, indicating a medium severity level.
AI Analysis
Technical Summary
Verint Verba contains a stored XSS vulnerability (CWE-79) in its login logging feature. When an attacker submits a login attempt with a crafted username containing malicious script, this input is logged without proper sanitization. Later, when an administrator views the logs via the web interface, the malicious script executes in the admin's browser context. This allows potential execution of arbitrary script code in the administrator's session. The issue was reported to the vendor, who did not respond initially, but the vulnerability was addressed in version 10.0.6.
Potential Impact
Successful exploitation allows an unauthenticated remote attacker to execute arbitrary script code in the context of the administrator's browser when viewing application logs. This could lead to session hijacking, unauthorized actions, or other attacks leveraging the administrator's privileges within the web application. The vulnerability does not require prior authentication and has a medium severity rating (CVSS 5.3).
Mitigation Recommendations
Upgrade Verint Verba to version 10.0.6 or later, where this vulnerability has been fixed. Since the vendor has released an official fix, applying this update is the recommended remediation. Until the update is applied, restrict access to the log viewer interface to trusted administrators only and consider additional monitoring for suspicious login attempts.
CVE-2026-21730: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Verint Verba
Description
CVE-2026-21730 is a stored Cross-Site Scripting (XSS) vulnerability in Verint Verba affecting the login logging mechanism. An unauthenticated attacker can inject malicious script code into the username field during failed login attempts. This malicious payload is stored in application logs and executed in the administrator's browser when viewing these logs. The vulnerability was fixed in version 10. 0. 6. The CVSS score is 5. 3, indicating a medium severity level.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Verint Verba contains a stored XSS vulnerability (CWE-79) in its login logging feature. When an attacker submits a login attempt with a crafted username containing malicious script, this input is logged without proper sanitization. Later, when an administrator views the logs via the web interface, the malicious script executes in the admin's browser context. This allows potential execution of arbitrary script code in the administrator's session. The issue was reported to the vendor, who did not respond initially, but the vulnerability was addressed in version 10.0.6.
Potential Impact
Successful exploitation allows an unauthenticated remote attacker to execute arbitrary script code in the context of the administrator's browser when viewing application logs. This could lead to session hijacking, unauthorized actions, or other attacks leveraging the administrator's privileges within the web application. The vulnerability does not require prior authentication and has a medium severity rating (CVSS 5.3).
Mitigation Recommendations
Upgrade Verint Verba to version 10.0.6 or later, where this vulnerability has been fixed. Since the vendor has released an official fix, applying this update is the recommended remediation. Until the update is applied, restrict access to the log viewer interface to trusted administrators only and consider additional monitoring for suspicious login attempts.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- CERT-PL
- Date Reserved
- 2026-01-05T11:45:11.492Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a05da75ec166c07b0e78b0a
Added to database: 5/14/2026, 2:21:41 PM
Last enriched: 5/14/2026, 2:37:04 PM
Last updated: 5/14/2026, 3:36:30 PM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.