The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-24T00:00:00

Updated: 2024-08-02T16:37:41.269Z

Reserved: 2023-06-21T00:00:00

Link: CVE-2023-36085

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-10-25T18:17:28.223

Modified: 2024-11-21T08:09:15.903

Link: CVE-2023-36085

cve-icon Redhat

No data.