Description
Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others.
Remediation
References
Related Vulnerabilities
Squid Improper Input Validation Vulnerability (CVE-2019-12520)
Perl Improper Input Validation Vulnerability (CVE-2016-2381)
WordPress Plugin WordPress Meta Data and Taxonomies Filter (MDTF) PHP Object Injection (1.2.2)
MySQL CVE-2018-2786 Vulnerability (CVE-2018-2786)
WordPress Plugin Wordfence Security-Firewall & Malware Scan Multiple Vulnerabilities (5.2.3)