Description
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable.
Remediation
References
Related Vulnerabilities
WordPress Plugin Embed Articles Multiple Vulnerabilities (7.0.3)
WordPress Plugin GTM4WP Cross-Site Scripting (1.15.1)
MySQL CVE-2023-22033 Vulnerability (CVE-2023-22033)
SugarCRM Missing Authorization Vulnerability (CVE-2020-7472)
Oracle HTTP Server Improper Input Validation Vulnerability (CVE-2020-29508)