CVE-2023-53887
MEDIUMZomplog 3.9 - XSS
Title source: llmDescription
Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser.
Exploits (1)
exploitdb
WORKING POC
by Mirabbas Ağalarov · textwebappsphp
https://www.exploit-db.com/exploits/51625
References (3)
Scores
CVSS v3
5.4
EPSS
0.0005
EPSS Percentile
14.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
zomp/zomplog
3.9
Zomplog/Zomplog
3.9
Published
Dec 15, 2025
Tracked Since
Feb 18, 2026