cvelist | Adobe | CVELIST:CVE-2020-24416
History: Oct 20, 2020 - 9:52 p.m.

CVE-2020-24416 Blind stored XSS in Marketo Sales insight plugin for SalesForce

2020-10-20 21:52:20
CWE-79
adobe
www.cve.org
6
cve-2020-24416
marketo sales insight
salesforce
cross-site scripting
vulnerability
malicious scripts
browser executable

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001
Percentile: 34.4%

Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CNA Affected

[
  {
    "product": "Marketo",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "1.4355",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "None",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
