{"id":7729,"date":"2021-09-01T19:27:09","date_gmt":"2021-09-02T02:27:09","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=zerodays&#038;p=7729"},"modified":"2023-02-27T12:39:37","modified_gmt":"2023-02-27T19:39:37","slug":"cve-2021-33849-stored-cross-site-scripting-in-wordpress-plugin-zoho-crm-lead-magnet-version-1-7-2-4","status":"publish","type":"zerodays","link":"https:\/\/10.42.32.162\/zerodays\/cve-2021-33849-stored-cross-site-scripting-in-wordpress-plugin-zoho-crm-lead-magnet-version-1-7-2-4\/","title":{"rendered":"CVE-2021-33849 &#8211; Stored Cross-Site Scripting in WordPress Plugin (ZOHO CRM Lead Magnet Version 1.7.2.4)"},"content":{"rendered":"<p>A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user\u2019s browser while the browser is connected to a trusted website. The attack targets your application&#8217;s users and not the application itself while using your application as the attack&#8217;s vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4.<\/p>\n","protected":false},"featured_media":7735,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays\/7729"}],"collection":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays"}],"about":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/types\/zerodays"}],"version-history":[{"count":10,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays\/7729\/revisions"}],"predecessor-version":[{"id":15311,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays\/7729\/revisions\/15311"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media\/7735"}],"wp:attachment":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media?parent=7729"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}