CVE-2023-48003

Name of the Vulnerable Software and Affected Versions Asp.Net Zero versions prior to 12.3.0

Description The issue is related to an open redirect through HTML injection in user messages, allowing remote attackers to redirect targeted victims to any URL via the '' in the WebSocket messages. This can be exploited by injecting malicious HTML code into user messages, enabling attackers to redirect users to arbitrary URLs. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For versions prior to 12.3.0, update to version 12.3.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of HTML in user messages or restricting the use of WebSocket messages until a patch is available. Avoid using the '' tag in WebSocket messages to minimize the risk of exploitation.