The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android,...
Moderate severity
Unreviewed
Published
Oct 25, 2023
to the GitHub Advisory Database
•
Updated Feb 15, 2024
Description
Published by the National Vulnerability Database
Oct 25, 2023
Published to the GitHub Advisory Database
Oct 25, 2023
Last updated
Feb 15, 2024
The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.
References