Description
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2026-34095)
phpList Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-6178)
Apache Tomcat Credentials Management Errors Vulnerability (CVE-2009-3548)
WordPress Plugin Advanced Ads-Ad Manager & AdSense Unspecified Vulnerability (1.7.1.1)
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-36129)