CVE-2023-28800

Summary

When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.

Affected Software

VendorProductVersion RangeStatus
ZscalerClient Connector0 < 3.9 Mac, 3.7 Win, 1.9.3 iOS, 1.10.2 Android, 1.10.1 Chrome OS, 1.4 Linuxaffected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References