exploitDog

CVE-2023-53887

Опубликовано: 15 дек. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser.

Ссылки

https://web.archive.org/web/20080616153330/http://zomp.nl/zomplog/
Product
https://www.exploit-db.com/exploits/51625
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/zomplog-cross-site-scripting-vulnerability-via-page-creation
Third Party Advisory
Exploit
https://www.exploit-db.com/exploits/51625
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zomp:zomplog:3.9:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.0003

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-47f7-v3jr-88mg

CVSS3: 5.4

github

около 2 месяцев назад

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser.

EPSS

Процентиль: 8%

0.0003

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79