Back to search
CVE-2019-5433
Published: May 6, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.
| Vendor | Product | Versions |
|---|---|---|
n/a | Revive Adserver | affected Fixed version v4.2.0 |
Weaknesses (CWE)
References
https://www.revive-adserver.com/security/revive-sa-2019-001/
x_refsource_MISC
https://hackerone.com/reports/390663
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now