Security Advisory

CVE-2023-36085

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-24 00:00:00

Last updated 2024-08-02 16:37:41

Assigner mitre

State PUBLISHED

Description

The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.

← Browse all CVEs View on cve.org ↗