VulnerAlert



BROWSER
13-01-2026 23:30

CVE-2023-53985 Vulnerabilidad documentada

Sin puntuación
Tags
#site
#cross
#zippy
#javascript
#java
#cross-site
#browser
#vulnerability
#cross-site scripting
#attackers
#arbitrary
#scripting
#malicious
#inject
#execute
#allow
#attack
Descripción
Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points execute arbitrary JavaScript code victim's browser context.
https://github.com/leon-mbs/zstore
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4
https://www.exploit-db.com/exploits/51207
https://www.vulncheck.com/advisories/zstore-reflected-cross-site-scripting-xss
https://zippy.com.ua/
Referencia
Link externo
Ver detalles

Fuente
https://nvd.nist.gov/vuln/detail/CVE-2023-53985
Resultados similares
Coincidentes en almenos en 50% de los tags
14-01-2026
Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited Microsoft on ...
Ver información
13-01-2026 CVE-2022-50908
Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inj...
Ver información
Icons made by Freepik from www.flaticon.com
Este Proyecto fue cofinanciado por el Consejo Nacional de Ciencia y Tecnología (CONACYT) a través del PROINNOVA 2021/2023
Proyecto realizado por