Description
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and pressing a certain key combination to execute injected JavaScript code.
Remediation
References
Related Vulnerabilities
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-53907)
WordPress Plugin WP AmASIN-The Amazon Affiliate Shop Directory Traversal (0.9.6)
Moodle Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2025-62397)
Moodle Incorrect Authorization Vulnerability (CVE-2025-26531)