{"id":7788,"date":"2019-10-14T20:13:05","date_gmt":"2019-10-15T03:13:05","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=zerodays&#038;p=7788"},"modified":"2023-02-06T11:56:51","modified_gmt":"2023-02-06T18:56:51","slug":"cve-2019-19306-zoho","status":"publish","type":"zerodays","link":"https:\/\/10.42.32.162\/zerodays\/cve-2019-19306-zoho\/","title":{"rendered":"CVE-2019-19306 &#8211; Reflected Cross-Site Scripting in ZOHO CRM Lead Magnet"},"content":{"rendered":"<p>A vulnerability was discovered on WordPress plugin ZOHO CRM Lead Magnet 1.6.9.1. An input variable vulnerable to XSS are \u2018Module,\u2019 \u2018EditShortcode,\u2019 and \u2018LayoutName\u2019 in the Zoho CRM form creation page. A vulnerability allows an attacker to inject malicious code into the WordPress plugin ZOHO CRM Lead magnet by providing XSS payload as a value for vulnerable variables.<\/p>\n","protected":false},"featured_media":7794,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays\/7788"}],"collection":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays"}],"about":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/types\/zerodays"}],"version-history":[{"count":5,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays\/7788\/revisions"}],"predecessor-version":[{"id":13694,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/zerodays\/7788\/revisions\/13694"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media\/7794"}],"wp:attachment":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media?parent=7788"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}