{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53887","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-12-13T14:25:05.001Z","datePublished":"2025-12-15T20:28:22.198Z","dateUpdated":"2026-04-07T14:07:12.787Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-04-07T14:07:12.787Z"},"title":"Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation","descriptions":[{"lang":"en","value":"Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79","type":"CWE"}]}],"affected":[{"vendor":"Zomplog","product":"Zomplog","versions":[{"version":"3.9","status":"affected"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":5.1,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"PASSIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"}],"references":[{"url":"https://www.exploit-db.com/exploits/51625","name":"ExploitDB-51625","tags":["exploit"]},{"url":"https://web.archive.org/web/20080616153330/http://zomp.nl/zomplog/","name":"Zomplog Archived Product Webpage","tags":["product"]},{"name":"VulnCheck Advisory: Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/zomplog-cross-site-scripting-vulnerability-via-page-creation"}],"credits":[{"lang":"en","value":"Mirabbas Ağalarov","type":"finder"}],"x_generator":{"engine":"vulncheck"},"datePublic":"2023-07-28T00:00:00.000Z"},"adp":[{"references":[{"url":"https://www.exploit-db.com/exploits/51625","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-15T21:37:49.263372Z","id":"CVE-2023-53887","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-15T21:46:43.279Z"}}]}}