2 matches found
CVE-2020-8143
An Open Redirect vulnerability was discovered in Revive Adserver version 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/www/admin/-modify.php...
CVE-2020-8143
Revive Adserver prior to 5.0.5 is affected by an Open Redirect. An attacker can entice a logged-in user to click a crafted link and be redirected, via the returnurl parameter in admin-modify endpoints (e.g., /www/admin/campaign-modify.php). The CSRF check could be bypassed if no meaningful parame...