Unrated severity · NVD Advisory · Published Jun 22, 2023 · Updated Dec 6, 2024
Output encoding missing in redrurl parameter
CVE-2023-28800
Description
When using local accounts for administration, the redirect URL parameter was not encoded correctly, allowing for an XSS attack providing admin login.
References
- help.zscaler.com/client-connector/client-connector-app-release-summary-2022 (mitre)
- help.zscaler.com/client-connector/client-connector-app-release-summary-2023 (mitre)
- help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021 (mitre)