PT-2021-15244 · Unknown · Revive Adserver
Keyur Vala
·
Published
2021-01-21
·
Updated
2021-02-01
·
CVE-2021-22871
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Revive Adserver versions prior to 5.1.0
Description
The issue allows any user with a manager account to store possibly malicious content in the URL website property. This content is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.
Recommendations
For versions prior to 5.1.0, update to version 5.1.0 or later to resolve the issue.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Revive Adserver