CVE-2025-59902

Vulnerability Description

HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system, which could enable phishing attacks, impersonation, or credential theft.

Vulnerability Details

Published Date

February 03, 2026

Last Modified

February 03, 2026

CWE ID

CWE-79

Source

NVD

Vendor

NICE

Product

NICE Chat

External References

https://www.incibe.es/en/incibe-cert/notices/aviso/html-injection-nice-chat

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment