cbcvebase.
CVE-2023-36085
published 2023-10-25

CVE-2023-36085: The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying…

PriorityP338medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
0.51%
39.4th percentile
The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.

Affected

1 ranges
VendorProductVersion rangeFixed in
sisqualwfmsisqualwfm>= 7.1.319.103 < 7.1.319.1117.1.319.111
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.