CVE-2025-59902 – HTML injection in NICE Chat

CVE ID : CVE-2025-59902

Published : Feb. 3, 2026, 10:15 a.m. | 1 hour, 1 minute ago

Description : HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the ‘firstName’ and ‘lastName’ parameters during a chat session. The injected HTML is included in the body of the email sent by the system, which could enable phishing attacks, impersonation, or credential theft.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…