Decidedlygray

**Name of the Vulnerable Software and Affected Versions** Revive Adserver versions prior to 3.2.3 **Description** The issue affects the user interface of Revive Adserver, where several scripts are susceptible to Cross-Site Request Forgery (CSRF) attacks. The vulnerable scripts include `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, and `www/admin/tracker-modify.php`. **Recommendations** For Revive Adserver versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable scripts until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Revive Adserver versions prior to 3.2.3 **Description** The issue is related to reflected XSS, where the affiliate-preview.php script in the www/admin directory is vulnerable to a reflected XSS attack. This could allow an attacker to steal the session ID of an authenticated user by tricking them into visiting a specifically crafted URL, such as "/admin/affiliate-preview.php" with malicious parameters, for example, `username` or `password`. **Recommendations** For versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the affiliate-preview.php script in the www/admin directory until a patch is available. Avoid using the vulnerable script with untrusted input until the issue is resolved.