CVE-2023-53985

Sažetak

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in victim's browser context.

Reference

https://github.com/leon-mbs/zstore
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4
https://www.exploit-db.com/exploits/51207
https://www.vulncheck.com/advisories/zstore-reflected-cross-site-scripting-xss
https://zippy.com.ua/

CVSS

Base:	6.1
Impact:	2.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

13-01-2026 - 23:15

Objavljeno

13-01-2026 - 23:15