Description

A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.

Remediation

References

CVE-2019-5433

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-2005-2089)

Oracle JRE CVE-2013-2436 Vulnerability (CVE-2013-2436)

Atlassian Confluence CVE-2023-22503 Vulnerability (CVE-2023-22503)

Liferay DXP CVE-2021-38266 Vulnerability (CVE-2021-38266)

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.25)

Severity

Medium

Classification

CVE-2019-5433 CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities