CVE-2021-22872

Name of the Vulnerable Software and Affected Versions Revive Adserver versions prior to 5.1.0

Description The issue is related to a reflected cross-site scripting (XSS) vulnerability. This vulnerability can be exploited via the afr.php delivery script, which is publicly accessible. Although this issue was previously addressed in modern browsers, some older browsers, such as IE10, that do not automatically URL encode parameters are still vulnerable.

Recommendations For versions prior to 5.1.0, update to version 5.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the afr.php delivery script until a patch is applied. Avoid using older browsers that do not automatically URL encode parameters to minimize the risk of exploitation.