CVE-2021-33849 Vulnerability Details


CVE-2021-33849 Metadata Quick Info

CVE Published: 05/10/2021 | CVE Updated: 04/08/2024 | CVE Year: 2021
Source: CSW | Vendor: Zoho | Product: Zoho CRM Lead Magnet
Status: PUBLISHED

CVE-2021-33849 Description

A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Improper Neutralization of Input During Web Page Generation
Source: Zoho

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).