FSC-2021-1
Reflected Cross-Site Scripting Vulnerability in F-Secure Cloud Protection for Salesforce
More information
A reflected cross-site scripting vulnerability exists in the F-Secure Cloud Protection for Salesforce application. If a remote attacker is able to convince a user of a Salesforce organization, who has an active authenticated session, to visit a specially crafted link they could potentially execute arbitrary Javascript code within the scope of the user's Salesforce organization.
This issue was reported directly to F-Secure by a customer. No known exploit or attack has been seen in the wild.