Unrated severityNVD Advisory· Published Jun 22, 2023· Updated Dec 5, 2024
CVE-2023-28799
CVE-2023-28799
Description
A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
6- help.zscaler.com/client-connector/client-connector-app-release-summary-2022mitre
- help.zscaler.com/client-connector/client-connector-app-release-summary-2023mitre
- help.zscaler.com/client-connector/client-connector-app-release-summary-2023mitre
- help.zscaler.com/client-connector/client-connector-app-release-summary-2023mitre
- help.zscaler.com/client-connector/client-connector-app-release-summary-2023mitre
- help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021mitre
News mentions
0No linked articles in our index yet.