CVE-2023-26692

MEDIUM

ZCBS/ZBBS/ZPBS 4.14k - Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-26692. PoCs were published by Abdulaziz Saad and bigzooooz.

AI-analyzed exploit summary: This exploit demonstrates a reflected XSS vulnerability in ZCBS/ZBBS/ZPBS v4.14k via the 'ident' parameter in 'objecten.pl'. The PoC uses a crafted URL to inject an img tag with an onerror event that triggers an alert.

Description

ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Management System (ZBBS) 4.14k is vulnerable to Cross Site Scripting (XSS).

Exploits (2)

exploitdb WORKING POC
by Abdulaziz Saad · text · webapps · cgi
https://www.exploit-db.com/exploits/51347

This exploit demonstrates a reflected XSS vulnerability in ZCBS/ZBBS/ZPBS v4.14k via the 'ident' parameter in 'objecten.pl'. The PoC uses a crafted URL to inject an img tag with an onerror event that triggers an alert.

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: ZCBS/ZBBS/ZPBS v4.14k
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 stars
by bigzooooz · poc
https://github.com/bigzooooz/CVE-2023-26692

This repository contains a functional proof-of-concept for a reflected XSS vulnerability in ZCBS/ZBBS/ZPBS v4.14k, exploiting the `ident` parameter in the `objecten.pl` script. The exploit demonstrates how an attacker can inject malicious JavaScript via a crafted URL.

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: ZCBS/ZBBS/ZPBS v4.14k
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 6.1
EPSS 0.0222
EPSS Percentile 84.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-79
Status published
Products (3)
zcbs/zbbs
zcbs/zcbs
zcbs/zpbs
Published Mar 30, 2023
Tracked Since Feb 18, 2026