Elastica Cloud Threat Labs discovered the vulnerability in admin.salesforce.com, a subdomain used by Salesforce for blogging purposes. Elastica reported the discovery to Salesforce, following standard disclosure guidelines for giving the company time to respond and address the issue. Because the vulnerability existed in a sub domain, versus the primary Salesforce website, Salesforce considered it a low-impact threat. The use of Salesforces trusted server provided an opportunity for attackers to execute JavaScript to steal cookies and session identifiers, force users to visit phishing sites that extract credentials.”]
Source: https://informationsecuritybuzz.com/news/disclosing-script-injection-vulnerability-in-salesforce/