CVE-2023-53887 — MEDIUM (5.4)

Vulnerability Description

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Zomp	Zomplog	3.9

Related Weaknesses (CWE)

CWE-79

References

https://web.archive.org/web/20080616153330/http://zomp.nl/zomplog/Product
https://www.exploit-db.com/exploits/51625ExploitThird Party AdvisoryVDB Entry
https://www.vulncheck.com/advisories/zomplog-cross-site-scripting-vulnerability-Third Party AdvisoryExploit
https://www.exploit-db.com/exploits/51625ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2023-53887?

CVE-2023-53887 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror at...

How severe is CVE-2023-53887?

CVE-2023-53887 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-53887?

Check the references section above for vendor advisories and patch information. Affected products include: Zomp Zomplog.