Description
Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Woocommerce Category Banner Management Security Bypass (1.1.1)
Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2021-21025)
WebLogic Improper Input Validation Vulnerability (CVE-2021-44832)
Dolibarr Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-17898)