cvedb.io
CVE-2019-5433
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2019-05-06T17:29:00.620 · Last modified 2026-06-17T02:37:40.793

Summary

A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0.

Affected products

revive-adserver — revive_adserver

Does this affect you?

Add your gear to cvedb and we'll alert you only when revive-adserver ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.