CVE-2019-19306 – Zoho CRM Lead Magnet <= 1.6.9.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-19306
The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via module, EditShortcode, or LayoutName. El plugin Zoho CRM Lead Magnet versión 1.6.9.1 para WordPress, permite XSS por medio del módulo, EditShortcode o LayoutName. • https://cybersecurityworks.com/zerodays/cve-2019-19306-zoho.html https://github.com/cybersecurityworks/Disclosed/issues/16 https://wordpress.org/plugins/zoho-crm-forms/#developers https://wpvulndb.com/vulnerabilities/9919 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-5963 – Zoho SalesIQ <= 1.0.8 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-5963
Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Zoho SalesIQ versión 1.0.8 y anteriores, permite a los atacantes remotos secuestrar la autenticación de administradores por medio de vectores no especificados. • https://jvn.jp/en/jp/JVN88962935/index.html https://wordpress.org/plugins/zoho-salesiq https://wpvulndb.com/vulnerabilities/9433 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-5962 – Zoho SalesIQ <= 1.0.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-5962
Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de tipo cross-site-scripting (XSS) en Zoho SalesIQ versión 1.0.8 y anteriores, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados. • https://jvn.jp/en/jp/JVN88962935/index.html https://wordpress.org/plugins/zoho-salesiq https://wpvulndb.com/vulnerabilities/9433 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-15645 – Zoho SalesIQ <= 1.0.8 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-15645
The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. El plugin zoho-salesiq versiones anteriores a 1.0.9 para WordPress, tiene una vulnerabilidad de tipo CSRF. • https://wordpress.org/plugins/zoho-salesiq/#developers https://wpvulndb.com/vulnerabilities/9433 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-15644 – Zoho SalesIQ <= 1.0.8 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15644
The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. El plugin zoho-salesiq versiones anteriores a 1.0.9 para WordPress, tiene una vulnerabilidad de tipo XSS almacenado. • https://wordpress.org/plugins/zoho-salesiq/#developers https://wpvulndb.com/vulnerabilities/9433 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •