Description
Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows manager accounts to craft XSS attacks against their own advertiser users.
Remediation
References
Related Vulnerabilities
OpenSSL Out-of-bounds Read Vulnerability (CVE-2004-0112)
ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4753)
WordPress Plugin Redux Framework Cross-Site Request Forgery (4.1.20)
WordPress Plugin Easy Testimonial Manager SQL Injection (1.2.0)
WordPress Plugin BuddyPress Customer.io Analytics Integration Cross-Site Request Forgery (1.1.6)