JVN#88962935: Multiple vulnerabilities in WordPress Plugin "Zoho SalesIQ"

ID JVN:88962935
Type jvn
Reporter Japan Vulnerability Notes
Modified 2019-05-31T00:00:00


## Description

WordPress Plugin "Zoho SalesIQ" provided by Zoho SalesIQ Team contains multiple vulnerabilities listed below.

  • Cross-site Scripting (CWE-79) - CVE-2019-5962 CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1
    CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6
  • Cross-site Request Forgery (CWE-352) - CVE-2019-5963 CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | Base Score: 4.3
    CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6

## Impact

  • An arbitrary script may be executed on the logged in user's web browser - CVE-2019-5962
  • Accessing a specially crafted page may lead a logged in user to perform unintended operations - CVE-2019-5963

## Solution

Update the plugin
Update the plugin according to the information provided by the developer.

## Products Affected

  • Zoho SalesIQ 1.0.8 and earlier