Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Zoho CRM Lead Magnet by Zoho

    CVE-2021-33849 (GCVE-0-2021-33849)

    Vulnerability from nvd – Published: 2021-10-05 21:43 – Updated: 2024-08-04 00:05
    VLAI
    Summary
    A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4.
    Severity
    No CVSS data available.
    CWE
    • Improper Neutralization of Input During Web Page Generation
    Assigner
    CSW
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:05:51.043Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cybersecurityworks.com/zerodays/cve-2021-33849-stored-cross-site-scripting-xss-in-wordpress-plugin-zoho-crm-lead-magnet-version-1-7-2-4.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Zoho CRM Lead Magnet",
              "vendor": "Zoho",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.2.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user\u2019s browser while the browser is connected to a trusted website. The attack targets your application\u0027s users and not the application itself while using your application as the attack\u0027s vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Neutralization of Input During Web Page Generation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-05T21:43:47.000Z",
            "orgId": "ee1bbb37-1770-46bd-bba8-910037954ee0",
            "shortName": "CSW"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cybersecurityworks.com/zerodays/cve-2021-33849-stored-cross-site-scripting-xss-in-wordpress-plugin-zoho-crm-lead-magnet-version-1-7-2-4.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "disclose@cybersecurityworks.com",
              "ID": "CVE-2021-33849",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Zoho CRM Lead Magnet",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.7.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zoho"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user\u2019s browser while the browser is connected to a trusted website. The attack targets your application\u0027s users and not the application itself while using your application as the attack\u0027s vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Neutralization of Input During Web Page Generation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html",
                  "refsource": "MISC",
                  "url": "https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html"
                },
                {
                  "name": "https://cybersecurityworks.com/zerodays/cve-2021-33849-stored-cross-site-scripting-xss-in-wordpress-plugin-zoho-crm-lead-magnet-version-1-7-2-4.html",
                  "refsource": "MISC",
                  "url": "https://cybersecurityworks.com/zerodays/cve-2021-33849-stored-cross-site-scripting-xss-in-wordpress-plugin-zoho-crm-lead-magnet-version-1-7-2-4.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee1bbb37-1770-46bd-bba8-910037954ee0",
        "assignerShortName": "CSW",
        "cveId": "CVE-2021-33849",
        "datePublished": "2021-10-05T21:43:47.000Z",
        "dateReserved": "2021-06-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:05:51.043Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33849 (GCVE-0-2021-33849)

    Vulnerability from cvelistv5 – Published: 2021-10-05 21:43 – Updated: 2024-08-04 00:05
    VLAI
    Summary
    A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4.
    Severity
    No CVSS data available.
    CWE
    • Improper Neutralization of Input During Web Page Generation
    Assigner
    CSW
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:05:51.043Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cybersecurityworks.com/zerodays/cve-2021-33849-stored-cross-site-scripting-xss-in-wordpress-plugin-zoho-crm-lead-magnet-version-1-7-2-4.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Zoho CRM Lead Magnet",
              "vendor": "Zoho",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.2.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user\u2019s browser while the browser is connected to a trusted website. The attack targets your application\u0027s users and not the application itself while using your application as the attack\u0027s vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Neutralization of Input During Web Page Generation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-05T21:43:47.000Z",
            "orgId": "ee1bbb37-1770-46bd-bba8-910037954ee0",
            "shortName": "CSW"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cybersecurityworks.com/zerodays/cve-2021-33849-stored-cross-site-scripting-xss-in-wordpress-plugin-zoho-crm-lead-magnet-version-1-7-2-4.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "disclose@cybersecurityworks.com",
              "ID": "CVE-2021-33849",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Zoho CRM Lead Magnet",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.7.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Zoho"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user\u2019s browser while the browser is connected to a trusted website. The attack targets your application\u0027s users and not the application itself while using your application as the attack\u0027s vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Neutralization of Input During Web Page Generation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html",
                  "refsource": "MISC",
                  "url": "https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html"
                },
                {
                  "name": "https://cybersecurityworks.com/zerodays/cve-2021-33849-stored-cross-site-scripting-xss-in-wordpress-plugin-zoho-crm-lead-magnet-version-1-7-2-4.html",
                  "refsource": "MISC",
                  "url": "https://cybersecurityworks.com/zerodays/cve-2021-33849-stored-cross-site-scripting-xss-in-wordpress-plugin-zoho-crm-lead-magnet-version-1-7-2-4.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee1bbb37-1770-46bd-bba8-910037954ee0",
        "assignerShortName": "CSW",
        "cveId": "CVE-2021-33849",
        "datePublished": "2021-10-05T21:43:47.000Z",
        "dateReserved": "2021-06-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T00:05:51.043Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }