Every CVE whose affected-product data names Zippy Zstore, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2023-24648 — CVSS 6.1 (medium): Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php.
CVE-2023-53985 — CVSS 6.1 (medium): Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject…