CVE-2023-28799

Medium

A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would…

Zscaler·CWE-1287·Published 2023-06-22

CVSS

6.1

EPSS

0.00

KEV

Exploits

cve.orgen

225 chars

A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain.

NVDen

225 chars

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.2	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
3.1	Primary	NVD	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N