CVE-2019-11593

Severity CVSS v4.0:
Pending analysis
Type:
CWE-94 Code Injection
Publication date:
29/04/2019
Last modified:
24/08/2020

Description

In Adblock Plus before 3.5.2, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:adblockplus:adblock_plus:*:*:*:*:*:chrome:*:* 3.5.2 (excluding)