Vulnerabilities > Zscaler > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-22 CVE-2023-28800 Cross-site Scripting vulnerability in Zscaler Client Connector
When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.
network
low complexity
zscaler CWE-79
6.1
6.1
2021-07-15 CVE-2020-11634 Uncontrolled Search Path Element vulnerability in Zscaler Client Connector
The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. 		6.9
6.9