Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
References
History
Tue, 16 Dec 2025 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 15 Dec 2025 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser. | |
| Title | Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: VulnCheck
Published: 2025-12-15T20:28:22.198Z
Updated: 2025-12-15T21:46:43.279Z
Reserved: 2025-12-13T14:25:05.001Z
Link: CVE-2023-53887
Vulnrichment
Updated: 2025-12-15T21:37:51.732Z
NVD
Status : Received
Published: 2025-12-15T21:15:51.833
Modified: 2025-12-15T22:15:46.690
Link: CVE-2023-53887
Redhat
No data.