Vulnerabilities > Hubspot > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-30 | CVE-2024-5879 | Cross-site Scripting vulnerability in Hubspot The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute of the HubSpot Meeting Widget in all versions up to, and including, 11.1.22 due to insufficient input sanitization and output escaping. | 5.4 |
| 2021-02-19 | CVE-2020-12668 | Incorrect Authorization vulnerability in Hubspot Jinjava Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. | 6.5 |
| 2019-01-03 | CVE-2018-18893 | Unspecified vulnerability in Hubspot Jinjava Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java. | 5.3 |