CVE-2023-26692
Description
ZCBS/ZPBS/ZBBS 4.14k reflected XSS via the 'ident' parameter in objecten.pl.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ZCBS/ZPBS/ZBBS 4.14k reflected XSS via the 'ident' parameter in objecten.pl.
Vulnerability
ZCBS, ZPBS, and ZBBS version 4.14k are vulnerable to reflected cross-site scripting (XSS) in the objecten.pl script. The ident GET parameter is not properly sanitized, allowing injection of arbitrary HTML and JavaScript. [1]
Exploitation
An unauthenticated attacker can exploit this by crafting a URL with a malicious ident parameter, such as ?ident=%3Cimg%20src=x%20onerror=alert(%22XSS%22)%3E. When the victim visits this link, the injected script executes in their browser. [1]
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser, leading to potential session hijacking, defacement, or data theft. [1]
Mitigation
No official fix has been released. As a workaround, input validation and output encoding should be implemented for the ident parameter. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) as of publication. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- ZCBS/Zijper Collectie Beheer Systeemdescription
- Range: = 4.14k
- Range: = 4.14k
- Range: = 4.14k
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.