Published: 26/01/2021 Updated: 02/02/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Revive Adserver prior to 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
revive-adserver revive adserver

Revive Adserver versions 505 and below suffer from persistent and reflective cross site scripting and open redirection vulnerabilities ...

Full Disclosure mailing list archives   By Date By Thread </form>    [REVIVE-SA-2021-001] Revive Adserver Vulnerabilities   From: Matt ...

CWE-79 http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html http://seclists.org/fulldisclosure/2021/Jan/60 https://github.com/revive-adserver/revive-adserver/commit/00fdb8d0e https://github.com/revive-adserver/revive-adserver/commit/1dbcf7d50 https://hackerone.com/reports/986365 https://www.revive-adserver.com/security/revive-sa-2021-001/https://nvd.nist.gov http://seclists.org/fulldisclosure/2021/Jan/60

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-22872

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect