CVE-2019-5962 – Zoho SalesIQ <= 1.0.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-5962
Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de tipo cross-site-scripting (XSS) en Zoho SalesIQ versión 1.0.8 y anteriores, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados. • https://jvn.jp/en/jp/JVN88962935/index.html https://wordpress.org/plugins/zoho-salesiq https://wpvulndb.com/vulnerabilities/9433 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-15645 – Zoho SalesIQ <= 1.0.8 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-15645
The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. El plugin zoho-salesiq versiones anteriores a 1.0.9 para WordPress, tiene una vulnerabilidad de tipo CSRF. • https://wordpress.org/plugins/zoho-salesiq/#developers https://wpvulndb.com/vulnerabilities/9433 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-15644 – Zoho SalesIQ <= 1.0.8 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15644
The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. El plugin zoho-salesiq versiones anteriores a 1.0.9 para WordPress, tiene una vulnerabilidad de tipo XSS almacenado. • https://wordpress.org/plugins/zoho-salesiq/#developers https://wpvulndb.com/vulnerabilities/9433 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-5963 – Zoho SalesIQ <= 1.0.8 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-5963
Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Zoho SalesIQ versión 1.0.8 y anteriores, permite a los atacantes remotos secuestrar la autenticación de administradores por medio de vectores no especificados. • https://jvn.jp/en/jp/JVN88962935/index.html https://wordpress.org/plugins/zoho-salesiq https://wpvulndb.com/vulnerabilities/9433 • CWE-352: Cross-Site Request Forgery (CSRF) •