Description
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Publication Archive 'file' Parameter Directory Traversal (2.3)
Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2021-4183)
WordPress Plugin Captcha by BestWebSoft Multiple Cross-Site Scripting Vulnerabilities (4.0.2)
Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-29933)