CVE-2023-53887

EUVD-2025-203428
Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
zompzomplog
3.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://web.archive.org/web/20080616153330/http://zomp.nl/zomplog/
https://www.exploit-db.com/exploits/51625
https://www.vulncheck.com/advisories/zomplog-cross-site-scripting-vulnerability-via-page-creation
https://www.exploit-db.com/exploits/51625