从该网页截图中可以获取到以下关于漏洞的关键信息: 严重性 (Severity): Medium 日期 (Date): January 13, 2026 受到影响版本 (Affecting): Zstore 6.5.4 CVE编号: CVE-2023-53985 CWE编号: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVSS评分和向量: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N 攻防利用DB编号: ExploitDB-51207 相关链接: - Zstore/Zippy-CRM Product Homepage - Zstore/Zippy-CRM GitHub Repository - Vulnerability Reproduction Repository 贡献者 (Credit): nu11secur1ty 描述(Descrition): Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in victim's browser context.