Skip to main content

Workbench

1 CVEs product

Monthly

CVE-2026-34951 MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) in Salesforce Workbench prior to version 65.0.0 allows unauthenticated remote attackers to inject arbitrary JavaScript via the footerScripts parameter on error pages, requiring user interaction to execute malicious payload. The vulnerability stems from improper input sanitization during web page generation. Vendor-released patch: version 65.0.0. No public exploit code or active exploitation confirmed at time of analysis.

XSS Workbench
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) in Salesforce Workbench prior to version 65.0.0 allows unauthenticated remote attackers to inject arbitrary JavaScript via the footerScripts parameter on error pages, requiring user interaction to execute malicious payload. The vulnerability stems from improper input sanitization during web page generation. Vendor-released patch: version 65.0.0. No public exploit code or active exploitation confirmed at time of analysis.

XSS Workbench
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy