Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Reflected XSS in footer.php in Workbench Allows Attackers to Hijack Authenticated Sessions
Vulnerability Description
Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize user-supplied input before rendering it in the page response. Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Workbench allows XSS Targeting Error Pages. This vulnerability is fixed in 65.0.0.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Workbench 跨站脚本漏洞
Vulnerability Description
Workbench是Force.com Workbench开源的一个Salesforce数据与元数据管理的Web工具套件。 Workbench 65.0.0之前版本存在跨站脚本漏洞,该漏洞源于footerScripts参数存在反射型跨站脚本漏洞,在页面响应中渲染前未清理用户输入,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A