Description
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable.
Remediation
References
Related Vulnerabilities
WordPress Plugin Verse-O-Matic Cross-Site Request Forgery (4.1.1)
Oracle Application Server Other Vulnerability (CVE-2002-0843)
MongoDb CVE-2024-7553 Vulnerability (CVE-2024-7553)
MySQL CVE-2016-5635 Vulnerability (CVE-2016-5635)
WordPress Plugin Relevanssi-A Better Search Cross-Site Scripting (3.3.7.1)