CVE-2025-59902

Vulnerability Description

HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system, which could enable phishing attacks, impersonation, or credential theft.

Related Weaknesses (CWE)

CWE-79

References

https://www.incibe.es/en/incibe-cert/notices/aviso/html-injection-nice-chat

FAQ

What is CVE-2025-59902?

CVE-2025-59902 is a documented vulnerability. HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters...

How severe is CVE-2025-59902?

CVSS scoring is not yet available for CVE-2025-59902. Check NVD for updates.

Is there a patch for CVE-2025-59902?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.