CVE-2023-23208 in Administrator Extension
Summary
by MITRE • 08/13/2023
Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 10/07/2025
The vulnerability identified as CVE-2023-23208 affects the Genesys Administrator Extension (GAX) version prior to 9.0.105.15, specifically within the iWD plugin's Business Structure page. This represents a critical security flaw that allows attackers to execute malicious scripts in the context of a victim's browser session. The issue manifests as a cross site scripting vulnerability that could potentially enable unauthorized access to sensitive administrative functions and data within the Genesys environment. The affected component resides within the iWD plugin which is commonly used for workforce management and contact center operations, making it a prime target for attackers seeking to compromise customer service infrastructure.
This XSS vulnerability stems from inadequate input validation and output encoding within the Business Structure page functionality of the iWD plugin. The flaw occurs when user-supplied data is not properly sanitized before being rendered back to the browser, allowing malicious scripts to be injected and executed. The vulnerability is classified under CWE-79 as "Cross-site Scripting" and specifically represents a stored XSS vector since the malicious content can persist in the application's database and affect multiple users. The attack typically involves an attacker crafting malicious input that gets stored in the system and subsequently executed when other users view the affected page. This type of vulnerability is particularly dangerous in administrative interfaces where privileged users access sensitive business data and configuration settings.
The operational impact of this vulnerability extends beyond simple script execution to potentially compromise entire contact center operations and customer data integrity. An attacker could exploit this vulnerability to steal session cookies, redirect users to malicious sites, or inject additional malicious code that could escalate privileges within the GAX environment. Given that GAX serves as an administrative interface for Genesys systems, successful exploitation could lead to unauthorized access to workforce management data, customer information, and configuration settings that control critical business processes. The vulnerability affects not just individual user sessions but could potentially provide attackers with persistent access to administrative functions, making it a significant risk to business continuity and data security. This aligns with ATT&CK technique T1531 for "Modify System Image" and T1059.007 for "Command and Scripting Interpreter: JavaScript" in lateral movement and persistence scenarios.
Organizations should prioritize immediate patching of affected systems to remediate this vulnerability, as the GAX component is integral to Genesys contact center operations and typically requires elevated privileges to access. The recommended mitigation includes upgrading to GAX version 9.0.105.15 or later, which contains the necessary input validation and output encoding fixes. Additional protective measures should include implementing web application firewalls to detect and block malicious script patterns, conducting regular security assessments of administrative interfaces, and establishing monitoring for unusual activity in the Business Structure page. Network segmentation around administrative interfaces can help limit the scope of potential exploitation, while user training on recognizing suspicious input patterns and maintaining updated browser security settings can provide additional defense layers. Security teams should also consider implementing content security policies and regular input validation testing to prevent similar vulnerabilities from emerging in other components of the Genesys ecosystem.