Description
A user with access to the UI of a Revive Adserver instance could be tricked into clicking on a specially crafted admin account-switch.php URL that would eventually redirect them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.
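For instances that ran a version earlier than 4.2.0, web access logs can be reviewed for account-switch.php requests that carried an off-site destination. The following is an added example, not code from the advisory or from Revive Adserver: the log lines are constructed, the host names and the parameter name `return_url` are placeholders, and the check inspects every query parameter rather than assuming a name.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines; hosts and the parameter name
# "return_url" are placeholders, not values taken from the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Mar/2019:10:00:01 +0000] "GET /www/admin/account-switch.php?return_url=https%3A%2F%2Flogin.example.net%2F HTTP/1.1" 302 0
203.0.113.5 - - [01/Mar/2019:10:00:07 +0000] "GET /www/admin/account-switch.php?return_url=stats.php HTTP/1.1" 302 0
198.51.100.9 - - [01/Mar/2019:10:02:11 +0000] "GET /www/admin/account-switch.php?return_url=%2F%2Flogin.example.net%2Fx HTTP/1.1" 302 0
198.51.100.9 - - [01/Mar/2019:10:03:40 +0000] "GET /www/admin/account-switch.php?return_url=https%3A%2F%2Fads.example.org%2Fwww%2Fadmin%2F HTTP/1.1" 302 0
198.51.100.9 - - [01/Mar/2019:10:04:00 +0000] "GET /www/admin/index.php?x=https%3A%2F%2Flogin.example.net HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def external_host(value, own_host):
    """Return the host a parameter value points at if it leaves own_host, else None."""
    # Browsers treat backslashes like slashes, so normalise before parsing.
    value = value.strip().replace("\\", "/")
    try:
        host = (urlsplit(value).hostname or "").lower()
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None
    # Relative paths have no host; scheme-relative "//host/..." values do.
    return host if host and host != own_host.lower() else None

def find_suspicious(log_text, own_host):
    """List (client_ip, parameter, destination_host) for off-site redirect targets."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if not target.path.endswith("/account-switch.php"):
            continue
        # parse_qsl percent-decodes each value before it is inspected.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            host = external_host(value, own_host)
            if host:
                hits.append((line.split()[0], name, host))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG, "ads.example.org"):
        print(hit)
```

Pass the ad server's own host name as `own_host`; relative paths and same-host absolute URLs are not reported.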
Remediation
References