Unrated severityOSV Advisory· Published Jan 13, 2026· Updated Apr 7, 2026

Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)

CVE-2023-53985

Description

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in victim's browser context.

Affected products

Leon Mbs/ZstoreOSV
Range: 1.0.3, 1.1.0, 3.0.0, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/51207mitreexploit
www.vulncheck.com/advisories/zstore-reflected-cross-site-scripting-xssmitrethird-party-advisory
github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4mitretechnical-description
zippy.com.uamitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000