CNNVD-202601-1901 Information

CNNVD ID

CNNVD-202601-1901

Related CVE

CVE-2023-53985

• CNNVD Published: 2026-01-13

Description (Chinese)

Zippy-CRM是Leon个人开发者的一个具有Web界面的会计系统。 Zippy-CRM 6.5.4版本存在跨站脚本漏洞，该漏洞源于未验证输入参数，可能导致反射型跨站脚本攻击。

Description (English)

Zippy-CRM is an accounting system with a Web interface for Leon personal developers. Version Zippy-CRM 6.5.4 has a cross-site script loophole, which originates from unverified input parameters and may result in a reflector-type cross-site script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

个人开发者

Published

2026-01-13

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/zstore-reflected-cross-site-scripting-xss https://www.exploit-db.com/exploits/51207 https://zippy.com.ua/ https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4 https://github.com/leon-mbs/zstore https://access.redhat.com/security/cve/cve-2023-53985