Revive Adserver 5.0.3 Cross Site Scripting

Risk: Low
Local: No
Remote: Yes

======================================================================== Revive Adserver Security Advisory REVIVE-SA-2020-001 ------------------------------------------------------------------------ ------------------------------------------------------------------------ CVE-IDs: t.b.a. Date: 2020-01-21 Risk Level: Low Applications affected: Revive Adserver Versions affected: <= 5.0.3 Versions not affected: >= 5.0.4 Website: ======================================================================== ======================================================================== Vulnerability - Reflected XSS ======================================================================== Vulnerability Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') [CWE-79] CVE-ID: t.b.a. CVSS Base Score: 4.3 CVSSv3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Impact Subscore: 1.4 CVSS Exploitability Subscore: 2.8 ======================================================================== Description ----------- A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. Details ------- The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim. References ---------- ======================================================================== Solution ======================================================================== We strongly advise people to upgrade to the most recent 5.0.4 version of Revive Adserver. ======================================================================== Contact Information ======================================================================== The security contact for Revive Adserver can be reached at: <security AT revive-adserver DOT com>. Please review before doing so. -- Matteo Beccati On behalf of the Revive Adserver Team

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022,


Back to Top