When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.
Metrics
Affected Vendors & Products
References
History
Fri, 06 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 17 Oct 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-20 |
Thu, 17 Oct 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. | When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. |
MITRE
Status: PUBLISHED
Assigner: Zscaler
Published: 2023-06-22T19:15:55.258Z
Updated: 2024-12-06T15:13:35.280Z
Reserved: 2023-03-23T18:29:15.802Z
Link: CVE-2023-28800
Vulnrichment
Updated: 2024-08-02T13:51:38.796Z
NVD
Status : Modified
Published: 2023-06-22T20:15:09.373
Modified: 2024-11-21T07:56:02.353
Link: CVE-2023-28800
Redhat
No data.