CVE-2026-34951
Reflected XSS in Workbench FooterScripts Allows Error Page Attacks
Publication date: 2026-04-06
Last updated on: 2026-04-14
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| salesforce | workbench | up to 65.0.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can allow attackers to hijack authenticated user sessions by injecting malicious scripts via the footerScripts parameter.
The impact includes limited information disclosure and limited unauthorized modification, but no impact on system availability.
- Attackers can remotely exploit this vulnerability over the network.
- No privileges are required for an attacker to exploit this vulnerability.
- User interaction is required for the attack to succeed.
Can you explain this vulnerability to me?
CVE-2026-34951 is a reflected cross-site scripting (XSS) vulnerability in the Workbench PHP package used to interact with Salesforce.com organizations. It occurs because the footerScripts parameter does not properly sanitize user-supplied input before rendering it in the page response.
This improper neutralization allows attackers to inject malicious scripts that execute in the context of a victim's browser, particularly targeting error pages.
The vulnerability affects all versions up to and including 53.0.0 and has been fixed in version 65.0.0.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a reflected cross-site scripting (XSS) issue involving the footerScripts parameter in Workbench versions up to 53.0.0. Detection involves testing whether input supplied in the footerScripts parameter is reflected unsanitized in the page response.
A common method to detect reflected XSS vulnerabilities is to send a crafted HTTP request with a benign script payload in the footerScripts parameter and observe if it is executed or reflected unsanitized in the response.
For example, you can use curl or a similar tool to send a request like:

```shell
curl -v "http://[target]/footer.php?footerScripts=<script>alert('XSS')</script>"
```
If the response contains the script tag unescaped or the script executes in a browser, the vulnerability is present.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade Workbench to version 65.0.0 or later, where this reflected XSS vulnerability has been fixed.
Until the upgrade can be performed, users should avoid following untrusted links that supply the footerScripts parameter, and administrators should consider restricting access to affected Workbench instances.
Additionally, applying web application firewall (WAF) rules to detect and block suspicious scripts in requests targeting the footerScripts parameter can help reduce risk.
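The detection and interim-mitigation advice above can be expressed as code. The following is an added example, not Workbench's own code: it assumes only the parameter name footerScripts and the footer.php path that appear on this page, uses a constructed benign probe marker instead of a script tag, and the `render_footer` function is a hypothetical hardened renderer showing the class of fix (contextual output encoding), not the actual Workbench patch. It shows how to tell a raw reflection from an HTML-escaped one in a response body, how a WAF-style request filter on footerScripts would decide, and why output encoding closes the issue.

```python
"""Reflected-XSS checks for a query parameter such as footerScripts.

Added example (not Workbench code). Three pieces:
  1. response-side detection: is a probe marker reflected raw, escaped, or absent?
  2. request-side filter of the kind a WAF rule would apply as an interim measure
  3. the server-side fix: HTML-encode the value before rendering it
"""
import html
import re
from urllib.parse import parse_qs, urlsplit

# Benign probe: a unique token carrying markup characters but no executable script.
# If these angle brackets come back unchanged, the parameter is reflected unsanitized.
PROBE = "<wbx-probe-7f3a9c>"


def classify_reflection(body: str, probe: str = PROBE) -> str:
    """Return 'raw', 'escaped' or 'absent' for the probe in a response body.

    'raw'     -> markup characters survived: unsanitized reflection (vulnerable)
    'escaped' -> the application HTML-encoded the value (safe in element content)
    'absent'  -> the parameter is not echoed on this page at all
    """
    if probe in body:
        return "raw"
    if html.escape(probe) in body:
        return "escaped"
    return "absent"


# Coarse signatures of script injection in a parameter value. This is an interim
# filter only: it can false-positive on benign text and cannot replace the fix.
SCRIPTISH = re.compile(r"(?i)<\s*/?\s*script\b|javascript\s*:|\bon[a-z]+\s*=")


def should_block(url: str, param: str = "footerScripts") -> bool:
    """Request-side filter: True when the parameter carries script-like markup.

    parse_qs URL-decodes the values, so percent-encoded tags are caught too.
    """
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(param, [])
    return any(SCRIPTISH.search(v) for v in values)


def render_footer(footer_scripts: str) -> str:
    """Hypothetical hardened renderer (assumption, not Workbench's code).

    HTML-encoding the untrusted value before placing it in element content
    turns '<' into '&lt;', so the browser treats it as text, not markup.
    """
    return f'<div id="footer">{html.escape(footer_scripts)}</div>'


# Constructed sample responses standing in for an error page before and after the fix.
VULNERABLE_RESPONSE = (
    '<html><body><p>Error: unknown page</p>'
    f'<div id="footer">{PROBE}</div></body></html>'
)
FIXED_RESPONSE = (
    '<html><body><p>Error: unknown page</p>'
    f'<div id="footer">{html.escape(PROBE)}</div></body></html>'
)

if __name__ == "__main__":
    print("before fix:", classify_reflection(VULNERABLE_RESPONSE))   # raw
    print("after fix: ", classify_reflection(FIXED_RESPONSE))        # escaped
    print("hardened renderer:", classify_reflection(render_footer(PROBE)))
    probe_url = "http://[target]/footer.php?footerScripts=%3Cscript%3Ex%3C%2Fscript%3E"
    print("WAF-style filter blocks probe:", should_block(probe_url))
    print("WAF-style filter blocks benign:", should_block("http://[target]/footer.php?footerScripts=hello"))
```

Run the probe classification against the page you are testing rather than a script payload: a `raw` result on an error page is the condition the answer above describes, while `escaped` means the value is being encoded and the filter is not needed for that path. The request filter is deliberately coarse and only buys time until the upgrade to 65.0.0; the durable fix is the output encoding shown in `render_footer`.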
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this reflected cross-site scripting (XSS) vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.