Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24416
Reference (s):
- https://helpx.adobe.com/security/products/marketo/apsb20-60.html
- URL: https://helpx.adobe.com/security/products/marketo/apsb20-60.html