Описание
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.
Ссылки
- ExploitThird Party Advisory
- PatchVendor Advisory
- ExploitThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.2.0 (исключая)
cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00161
Низкий
5.4 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-601
CWE-601
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.
EPSS
Процентиль: 37%
0.00161
Низкий
5.4 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-601
CWE-601