Improper Encoding of Redirect URL Parameter Allows for XSS Attack and Admin Login Bypass

CVE-2023-28800 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

When local accounts are used for administration, the redirect URL parameter was not encoded correctly, allowing an XSS attack that provides admin login.