VYPR
Unrated severityOSV Advisory· Published Jan 13, 2026· Updated Apr 7, 2026

Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)

CVE-2023-53985

Description

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in victim's browser context.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.