Vulnerability Database

322,935

Total vulnerabilities in the database

CVE-2023-53985

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in victim's browser context.

Published: Jan 13, 2026
Updated: Jan 15, 2026
CVE: CVE-2023-53985
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

No affected software listed.

https://github.com/leon-mbs/zstore
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4
https://www.exploit-db.com/exploits/51207
https://www.vulncheck.com/advisories/zstore-reflected-cross-site-scripting-xss
https://zippy.com.ua/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo