CVE-2023-26448

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.

Description The issue arises from custom log-in and log-out locations defined as jslob, which were not checked for malicious protocol handlers. This oversight allows malicious script code to be executed within the victim's context, potentially leading to session hijacking or triggering unwanted actions via the web interface and API. An attacker would need temporary access to the user's account or lure a user to a compromised account to exploit this. The problem is addressed by sanitizing jslob content for those locations to prevent redirects to malicious content.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.