When using local accounts for administration, the redirect URL parameter was not encoded correctly, allowing for an XSS attack providing admin login.
History

Fri, 06 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 17 Oct 2024 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Thu, 17 Oct 2024 15:30:00 +0000

Type Values Removed Values Added
Description When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.

MITRE

Status: PUBLISHED

Assigner: Zscaler

Published: 2023-06-22T19:15:55.258Z

Updated: 2024-12-06T15:13:35.280Z

Reserved: 2023-03-23T18:29:15.802Z

Link: CVE-2023-28800

Vulnrichment

Updated: 2024-08-02T13:51:38.796Z

NVD

Status: Modified

Published: 2023-06-22T20:15:09.373

Modified: 2024-11-21T07:56:02.353

Link: CVE-2023-28800

Redhat

No data.