Report an incident
Back
  • About us
  • For experts
Report an incident
About us
About our team Contact
Baza wiedzy
Fałszywe inwestycje Uważaj na fałszywe sklepy online (Nie)bezpieczne płatności Fałszywi konsultanci Zadbaj o bezpieczne hasła i logowanie Fałszywe załączniki w mailach Fałszywe prośby o szybki przelew Fałszywe SMSy - plaga ostatnich miesięcy Bezpieczny telefon
Biuletyn OUCH!
Porady bezpieczeństwa OUCH!
Tools
n6 Artemis MWDB
CVD program
CVD policy Advisories

Vulnerability in Verint Verba software
14 May 2026 | CERT Polska | #vulnerability, #warning, #cve
CVE ID CVE-2026-21730
Publication date 14 May 2026
Vendor Verint
Product Verba
Vulnerable versions All before 10.0.6
Vulnerability type (CWE) Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') (CWE-79)
Report source Report to CERT Polska

Description

CERT Polska has received a report about vulnerability in Verint Verba software and participated in coordination of its disclosure.

The vulnerability CVE-2026-21730: Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of input sanitization, an attacker can inject a malicious XSS payload into the username field. This payload will be executed in the context of the administrator’s browser when the admin accesses the web application's log viewer.

This issue was fixed in version 10.0.6

Credits

We thank Jan Czerlunczakiewicz from STM Cyber for the responsible vulnerability report.

More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.