vulnerability
WordPress Plugin: zoho-crm-forms: CVE-2021-33849: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
3 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Sep 1, 2021 | May 15, 2025 | Jun 24, 2025 |
Severity
3
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Sep 1, 2021
Added
May 15, 2025
Modified
Jun 24, 2025
Description
A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a userand#8217;s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4.
Solution
zoho-crm-forms-plugin-cve-2021-33849

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.