exploitDog

GHSA-vmwg-3qr7-49hp

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Ссылки

EPSS

Процентиль: 82%

0.01783

Низкий

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-24416

CVSS3: 6.1

nvd

больше 5 лет назад

Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

BDU:2020-05144

CVSS3: 6.1

fstec

больше 5 лет назад

Уязвимость пакета автоматизированной маркетинговой программы Marketo Sales Insight Salesforce, связанная с отсутствием мер по очистке входных данных, позволяющая нарушителю выполнить произвольный JavaScript-код

EPSS

Процентиль: 82%

0.01783

Низкий

CVE ID

Дефекты

CWE-79