CVE-2026-34951
Reflected XSS in footer.php in Workbench Allows Attackers to Hijack Authenticated Sessions
| CVSS Score | 6.1 |
| EPSS Score | 0.0% |
| EPSS Percentile | 14th |
Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter: user-supplied input is not sanitized before it is rendered in the page response. This improper neutralization of input during web page generation ('cross-site scripting') allows XSS targeting error pages. The vulnerability is fixed in 65.0.0.
| CWE | CWE-79 |
| Vendor | forceworkbench |
| Product | forceworkbench |
| Published | Apr 6, 2026 |
| Last Updated | Apr 7, 2026 |
Affected Versions
| forceworkbench / forceworkbench | < 65.0.0 |