CVE-2021-33849

Summary

A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4.

Affected Software

VendorProductVersion RangeStatus
ZohoZoho CRM Lead Magnet1.7.2.4affected

Weaknesses

  • Improper Neutralization of Input During Web Page Generation

ADP Enrichment

CVE Program Container

Additional References

References