CVE-2023-53985

Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in victim's browser context.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Produtos afetados

Zippy · Zstore

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/leon-mbs/zstore https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4 https://www.exploit-db.com/exploits/51207 https://www.vulncheck.com/advisories/zstore-reflected-cross-site-scripting-xss https://zippy.com.ua/