Revive Adserver: Open redirect in switch account functionality
To reproduce this vulnerability: 1. You have to be logged in user 2. Enter address: http:///www/admin/account-switch.php?returnurl=http://127.0.0.1:12345/test This is due to unrestricted redirection url passed in in the returnurl parameter. I would recommend to use some kind of whitelisting or a...