An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebSocket messages.
References
Link | Resource |
---|---|
https://docs.unsafe-inline.com/0day/asp.net-zero-v12.3.0-html-injection-leads-to-open-redirect-via-websockets-cve-2023-48003 | Exploit Third Party Advisory |
https://github.com/passtheticket/vulnerability-research/blob/main/aspnetzero_html_injection_via_websockets_messages.md | Exploit Third Party Advisory |
https://docs.unsafe-inline.com/0day/asp.net-zero-v12.3.0-html-injection-leads-to-open-redirect-via-websockets-cve-2023-48003 | Exploit Third Party Advisory |
https://github.com/passtheticket/vulnerability-research/blob/main/aspnetzero_html_injection_via_websockets_messages.md | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:30
Type | Values Removed | Values Added |
---|---|---|
References | () https://docs.unsafe-inline.com/0day/asp.net-zero-v12.3.0-html-injection-leads-to-open-redirect-via-websockets-cve-2023-48003 - Exploit, Third Party Advisory | |
References | () https://github.com/passtheticket/vulnerability-research/blob/main/aspnetzero_html_injection_via_websockets_messages.md - Exploit, Third Party Advisory |
04 Jan 2024, 03:17
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-601 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:aspnetzero:asp.net_zero:*:*:*:*:*:*:*:* | |
References | () https://docs.unsafe-inline.com/0day/asp.net-zero-v12.3.0-html-injection-leads-to-open-redirect-via-websockets-cve-2023-48003 - Exploit, Third Party Advisory | |
References | () https://github.com/passtheticket/vulnerability-research/blob/main/aspnetzero_html_injection_via_websockets_messages.md - Exploit, Third Party Advisory |
27 Dec 2023, 18:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-26 22:15
Updated : 2024-11-21 08:30
NVD link : CVE-2023-48003
Mitre link : CVE-2023-48003
CVE.ORG link : CVE-2023-48003
JSON object : View
Products Affected
aspnetzero
- asp.net_zero
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')