Arbitrary Code Execution via $rewrite Filter Option in Adblock Plus

Arbitrary Code Execution via $rewrite Filter Option in Adblock Plus

CVE-2019-11593 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

In Adblock Plus before 3.5.2, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect.

Learn more about our Web App Pen Testing.