WEB APPLICATION VULNERABILITIES Standard & Premium

ReviveAdserver URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-5433)

Description

A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.

Remediation

References

Related Vulnerabilities

Dotclear Improper Access Control Vulnerability (CVE-2015-8832)

WordPress Plugin WooCommerce Salesforce Integration Cross-Site Scripting (1.5.8)

WordPress 4.9.x Prototype Pollution (4.9 - 4.9.19)

XWiki CVE-2023-48241 Vulnerability (CVE-2023-48241)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17306)

Severity

Medium

Classification

CVE-2019-5433 CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities