An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebSocket messages.
References
Link | Resource |
---|---|
https://docs.unsafe-inline.com/0day/asp.net-zero-v12.3.0-html-injection-leads-to-open-redirect-via-websockets-cve-2023-48003 | Exploit Third Party Advisory |
https://github.com/passtheticket/vulnerability-research/blob/main/aspnetzero_html_injection_via_websockets_messages.md | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-12-26T00:00:00
Updated: 2023-12-26T21:40:37.645702
Reserved: 2023-11-13T00:00:00
Link: CVE-2023-48003
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-26T22:15:13.907
Modified: 2024-01-04T03:17:21.990
Link: CVE-2023-48003
JSON object: View
Redhat Information
No data.
CWE