CVE-2023-53985
Published
CVSS v3
6.1
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS
Description
Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in victim's browser context.
GitHub