CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-53985

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in victim's browser context.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 20.5%

CVSS Severity

CVSS v3 Score 6.1

References

https://github.com/leon-mbs/zstore
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4
https://www.exploit-db.com/exploits/51207
https://www.vulncheck.com/advisories/zstore-reflected-cross-site-scripting-xss
https://zippy.com.ua/

Products affected by CVE-2023-53985

Zippy » Zstore » Version: 6.5.4

cpe:2.3:a:zippy:zstore:6.5.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-53985

Products

Pricing

Contact Us