← volver
CVE-2021-33849

CVE-2021-33849

EPSS 1.0%
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
05 oct 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4.
Productos afectados
Zoho · Zoho CRM Lead Magnet

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.htmlhttps://cybersecurityworks.com/zerodays/cve-2021-33849-stored-cross-site-scripting-xss-in-wordpress-plugin-zoho-crm-lead-magnet-version-1-7-2-4.html