Reflected XSS in Revive Adserver <= 5.0.3 Delivery Script
A reflected XSS vulnerability is found in the afr.php script of Revive Adserver version 5.0.3 and below. This is public information and was discovered by Jacopo Tediosi. There are no known exploits yet because the session identifier is safely stored in an http-only cookie from version 3.2.2. But in older versions, it's possible to steal the session identifier in certain situations. This could let someone access the admin interface. The script at www/delivery/afr.php repeats the query string without proper security checks in a JavaScript setting. This allows attackers to run any JS code on the victim's browser.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
revive-adserver revive adserver |