{"id":"CVE-2023-24648","details":"Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php.","modified":"2026-04-12T07:25:57.090219Z","published":"2023-02-13T21:15:14.563Z","references":[{"type":"EVIDENCE","url":"https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.6.0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/leon-mbs/zstore","events":[{"introduced":"0"},{"last_affected":"46efa173d9a7bba59cf6e04833ddf7b51238123e"}],"database_specific":{"cpe":"cpe:2.3:a:zippy:zstore:6.6.0:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"6.6.0"}],"source":"CPE_FIELD"}}],"versions":["1.0.3","1.1.0","3.0.0","4.6.0","4.6.1","4.8.2","4.8.4","4.8.5","4.9.0","5,3,5","5.10.0","5.2.0","5.3.0","5.3.1","5.3.5","5.4.0","5.4.1","5.5.0","5.7.0","5.9.0","5.9.1","5.9.2","6.0.0","6.3.4","6.3.5","6.3.6","6.4.0","6.4.1","6.4.2","6.4.3","6.5.0","6.5.1","6.5.2","6.5.3","6.5.4","6.5.5","6.6.0","v.1.4.0","v1.0.1","v1.0.5","v1.2.0","v1.3.0","v1.3.1","v1.3.5","v1.5.0","v1.6.0","v1.8.0","v1.8.1","v1.8.2","v3.1.0","v3.1.2","v4,1,2","v4.0.0","v4.0.2","v4.1.0","v4.1.1","v4.2.0","v4.3.0","v4.4.0","v4.4.2","v4.4.3","v4.7.0","v4.8.0","v5.0.0","v5.0.2","v5.1.0","v5.2.1","v5.2.2","v5.5.1","v5.6.0","v5.6.1","v5.6.2","v5.8.0","v5.8.1","v5.8.2","v6.0.1","v6.1.0","v6.1.1","v6.1.2","v6.1.3","v6.2.0","v6.2.2","v6.3.0","v6.3.1","v6.3.2","v6.3.3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-24648.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}