When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.
References
Configurations
Configuration 1 (hide)
|
History
17 Oct 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. | |
CWE |
30 Jun 2023, 15:08
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-22 20:15
Updated : 2024-10-17 16:15
NVD link : CVE-2023-28800
Mitre link : CVE-2023-28800
CVE.ORG link : CVE-2023-28800
JSON object : View
Products Affected
zscaler
- client_connector
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')