PT-2025-44559 · Unknown · Revive Adserver

Published: 2025-10-30 · Updated: 2025-12-01 · CVE-2025-27208

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

Revive Adserver version 5.5.2

Description

A reflected Cross-Site Scripting (XSS) issue exists in Revive Adserver version 5.5.2. An attacker could potentially cause a user with access to the user interface of a Revive Adserver instance to execute injected JavaScript code in their browser by tricking them into clicking a specially crafted URL. The vulnerability is located in the admin-search.php file and can be exploited through the compact parameter. The session cookie is not accessible, but other operations could be performed.

Recommendations

Update Revive Adserver to a newer version that addresses this vulnerability. As a temporary workaround, avoid clicking on untrusted URLs related to the Revive Adserver user interface.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-27208

Affected Products

Revive Adserver