Description
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute arbitrary JavaScript when an admin views the page.
Remediation
References
Related Vulnerabilities
Missing Authentication Check in SAP Solution Manager
WordPress Plugin Happy Addons for Elementor Cross-Site Scripting (2.23.0)
Owncloud Cross-site Scripting (XSS) Vulnerability (CVE-2020-16255)
WordPress Plugin Responsive Slider-Image Slider-Slideshow for WordPress SQL Injection (2.8.6)
WordPress Plugin WP Photo Album Plus Unspecified Vulnerability (6.5.00)