CVE-2025-59902 HIGH

CVE-2025-59902: HTML injection in NICE Chat

Vendor Nice
Product NICE Chat
Weakness CWE-79 · XSS
Published February 3, 2026
Last update February 3, 2026

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system, which could enable phishing attacks, impersonation, or credential theft.

Key dates

02Disclosure timeline

February 3, 2026 CVE published
February 3, 2026 Record updated