CVE-2023-53887
BaseFortify
Publication date: 2025-12-15
Last updated on: 2025-12-24
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zomp | zomplog | 3.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-53887 is a cross-site scripting (XSS) vulnerability in Zomplog version 3.9. It allows authenticated users to inject malicious JavaScript code when creating new pages by exploiting the "Add new page" functionality. Attackers can craft malicious image source (src) and onerror attributes to execute arbitrary JavaScript in the victim's browser when the page is viewed. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to arbitrary JavaScript execution in the browsers of users who view the maliciously crafted pages. This can result in session hijacking, defacement, or other malicious actions performed on behalf of the victim user. Since it requires authenticated access to create pages, an attacker with low privileges can still exploit it to affect other users. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to create a new page with a malicious XSS payload in the title field, such as `<img src=x onerror=alert(5)>`. A proof-of-concept HTTP POST request targets the endpoint `/zimplitcms/zimplit.php` with parameters including `file=index.html`, `newname=img_src=x_onerror=alert(5).html`, and `title=<img src=x onerror=alert(5)>`. Monitoring HTTP requests for such suspicious POST requests or testing the 'Add new page' functionality with this payload can help detect the vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or reviewing authenticated user permissions to prevent unauthorized page creation, sanitizing and validating user input on the server side to neutralize malicious scripts, and avoiding rendering untrusted HTML content without proper encoding. Additionally, monitoring and blocking suspicious POST requests targeting the vulnerable endpoint can help reduce exploitation risk until a patch or update is applied. [1, 2]