5.4
CVE-2021-33849
- EPSS 2.19%
- Veröffentlicht 05.10.2021 22:15:07
- Zuletzt bearbeitet 21.11.2024 06:09:41
- Quelle disclose@cybersecurityworks.co
- CVE-Watchlists
- Unerledigt
LoginZoho CRM Lead Magnet <= 1.7.2.4 - Cross-Site Scripting
A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4.
Mögliche Gegenmaßnahme
Zoho CRM Lead Magnet: Update to version 1.7.2.9, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Zoho CRM Lead Magnet
Version
* - 1.7.2.4
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zohocorp ≫ Zoho Crm Lead Magnet Version1.7.2.4 SwPlatformwordpress
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.19% | 0.839 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.