PT-2025-47623 · Unknown · Revive Adserver

Published: 2025-11-20 · Updated: 2025-11-20 · CVE-2025-55124

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Revive Adserver versions 6.0.0 and later

Description

A reflected cross-site scripting (XSS) flaw exists in the banner-zone.php script of Revive Adserver. The script does not properly sanitize user-supplied input before displaying it, which could allow an attacker to inject malicious scripts into a web page viewed by other users and execute arbitrary JavaScript code in the context of a user's browser.

Recommendations

Update Revive Adserver to a version where this issue is resolved. As a temporary workaround, consider implementing strict input validation and output encoding for all user-supplied data within the banner-zone.php script.

Related Identifiers

CVE-2025-55124

Affected Products

Revive Adserver