CVE-2023-53985

Name of the Vulnerable Software and Affected Versions Zippy CRM version 6.5.4

Description The software contains a reflected cross-site scripting issue that enables attackers to inject malicious scripts via unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code within a victim’s browser.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.