WEB APPLICATION VULNERABILITIES Standard & Premium

ReviveAdserver URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-5433)

Description

A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.

Remediation

References

Related Vulnerabilities

WordPress Plugin Advanced Access Manager Security Bypass (3.2.1)

Liferay Portal Incorrect Authorization Vulnerability (CVE-2021-33335)

WordPress Plugin Product Catalog SQL Injection (4.2.2)

WordPress Plugin Shoppable Images Multiple Vulnerabilities (1.0.0)

SharePoint CVE-2021-28450 Vulnerability (CVE-2021-28450)

Severity

Medium

Classification

CVE-2019-5433 CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities