Pavanw3B

**Name of the Vulnerable Software and Affected Versions** Revive Adserver versions prior to 3.2.5 Revive Adserver versions prior to 4.0.0 **Description** The issue concerns a reflected XSS attack. The Revive Adserver web installer scripts are vulnerable to this attack via parameters such as `dbHost` and `dbUser`. The window for such attack vectors is extremely narrow, making it unlikely for an attack to be effective. **Recommendations** For Revive Adserver versions prior to 3.2.5, update to version 3.2.5 or later. For Revive Adserver versions prior to 4.0.0, update to version 4.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** Revive Adserver versions prior to 4.0.1 **Description** The issue allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts. **Recommendations** For versions prior to 4.0.1, update to version 4.0.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Revive Adserver versions prior to 4.0.1 **Description** The issue allows remote authenticated users to inject arbitrary web script or HTML via the user's `email address`. This can lead to cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 4.0.1, update to version 4.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the ability to inject HTML via the `email address` field until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Revive Adserver versions prior to 4.0.1 **Description** A cross-site scripting (XSS) issue exists in the invocation code generation for interstitial zones, allowing remote attackers to inject arbitrary web script or HTML via unspecified parameters. **Recommendations** For versions prior to 4.0.1, update to version 4.0.1 or later to resolve the issue.