CVE-2023-53985

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-53985

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53985.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-53985

Published

2026-01-13T23:15:59.607Z

Modified

2026-03-15T22:47:57.099533Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in victim's browser context.

References

Affected packages

Git / github.com/leon-mbs/zstore

Affected ranges

Type

GIT

Repo

https://github.com/leon-mbs/zstore

Events

Introduced

Last affected

cce0430456ccb06451f27181cd6cd23fdd2634cd

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.5.4"
        }
    ]
}

Affected versions

1.*

1.0.3

1.1.0

3.*

3.0.0

4.*

4.6.0

4.6.1

4.8.2

4.8.4

4.8.5

4.9.0

Other

5,3,5

v4,1,2

5.*

5.10.0

5.2.0

5.3.0

5.3.1

5.3.5

5.4.0

5.4.1

5.5.0

5.7.0

5.9.0

5.9.1

5.9.2

6.*

6.0.0

6.3.4

6.3.5

6.3.6

6.4.0

6.4.1

6.4.2

6.4.3

6.5.0

6.5.1

6.5.2

6.5.3

6.5.4

6.5.5

v.*

v.1.4.0

v1.*

v1.0.0

v1.0.1

v1.0.5

v1.1.1

v1.2.0

v1.3.0

v1.3.1

v1.3.5

v1.5.0

v1.6.0

v1.8.0

v1.8.1

v1.8.2

v3.*

v3.1.0

v3.1.2

v4.*

v4.0.0

v4.0.2

v4.1.0

v4.1.1

v4.2.0

v4.3.0

v4.4.0

v4.4.2

v4.4.3

v4.7.0

v4.8.0

v5.*

v5.0.0

v5.0.2

v5.1.0

v5.2.1

v5.2.2

v5.5.1

v5.6.0

v5.6.1

v5.6.2

v5.8.0

v5.8.1

v5.8.2

v6.*

v6.0.1

v6.1.0

v6.1.1

v6.1.2

v6.1.3

v6.2.0

v6.2.2

v6.3.0

v6.3.1

v6.3.2

v6.3.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53985.json"