PT-2025-51305 · Zomplog · Zomplog

Mirabbas Ağalarov · Published 2025-12-15 · Updated 2025-12-24 · CVE-2023-53887

CVSS v3.1

5.4 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Zomplog version 3.9

Description

The software contains a cross-site scripting issue that permits authenticated users to inject malicious scripts during the creation of new pages. An attacker can leverage crafted malicious image source and onerror attributes to execute arbitrary JavaScript code within a victim’s browser.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all user-supplied input when creating new pages to prevent the injection of malicious scripts.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-53887

Affected Products

Zomplog