Unrated severityOSV Advisory· Published Jan 13, 2026· Updated Apr 7, 2026
Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)
CVE-2023-53985
Description
Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in victim's browser context.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/51207mitreexploit
- www.vulncheck.com/advisories/zstore-reflected-cross-site-scripting-xssmitrethird-party-advisory
- github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4mitretechnical-description
- zippy.com.uamitreproduct
News mentions
0No linked articles in our index yet.