2 matches found
CVE-2019-5433
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another unsafe domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was...
CVE-2019-5433
CVE-2019-5433 describes an open redirect in Revive Adserver’s admin/account-switch.php. A user with UI access could be tricked by a crafted return_url parameter into visiting an external, potentially phishing, domain, enabling credential theft or similar abuse. The issue arises from unrestricted ...