Headline
CVE-2022-37462: Notifications -
A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details.
UPSTREAM WORKS NOTIFICATIONS
Upstream Works Not Affected by Apache Log4j Library Vulnerabilities
December 17, 2021 – This notification is in reference to the recent report about potential vulnerabilities in the Apache Log4j Logging library affecting all Log4j2 versions prior to 2.15.0.