anonhaven
Ad

CVE-2026-34951

MEDIUM CVSS 4.0: 5.1 EPSS 0.03%
Updated Apr 07, 2026
Salesforce
Parameter Value
CVSS 5.1 (MEDIUM)
Fixed In 65.0.0
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor Salesforce
Public PoC No

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize user-supplied input before rendering it in the page response. Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Workbench allows XSS Targeting Error Pages.

This vulnerability is fixed in 65.0.0.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
Active
User action required

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

References 1

https://github.com/forceworkbench/forceworkbench/security/advisories/GHSA-j94x-…
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-35178

Salesforce

9.3

CVE-2026-2298

Salesforce

9.4

CVE-2026-26029

Salesforce

7.5

CVE-2026-25650

Salesforce

6.6

CVE-2026-22586

Salesforce

None