Description
Revive Adserver before v5.2.0 contains a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) because single quotes are not escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking a specially crafted URL and pressing a certain key combination, which executes the injected JavaScript code.
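The class of bug described above, as an added example that is not Revive Adserver's code: it assumes the parameter is reflected into a single-quoted HTML attribute, and compares escaping that leaves `'` untouched with escaping that encodes it. The function names, the markup and the sample value are constructed for illustration.

```php
<?php
// Added illustration: hypothetical rendering code, not taken from Revive Adserver.

// Constructed sample input: a value containing a single quote followed by a
// harmless marker attribute, used only to show the attribute boundary breaking.
$sample = "day' data-injected='1";

// "Before": ENT_COMPAT encodes & < > " but leaves ' as-is, so input can close
// a single-quoted attribute. (ENT_COMPAT was the default before PHP 8.1.)
function render_unescaped_quote(string $v): string {
    return "<input type='hidden' name='statsBreakdown' value='"
         . htmlspecialchars($v, ENT_COMPAT, 'UTF-8') . "'>";
}

// "After": ENT_QUOTES additionally encodes ' as &#039;, so the value stays
// inside the attribute regardless of which quote style the template uses.
function render_escaped_quote(string $v): string {
    return "<input type='hidden' name='statsBreakdown' value='"
         . htmlspecialchars($v, ENT_QUOTES, 'UTF-8') . "'>";
}

// Parse the markup with an HTML parser and list the attribute names that
// actually end up on the <input> element.
function attribute_names(string $html): array {
    libxml_use_internal_errors(true);   // keep parser notices out of the output
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// An attribute beyond type/name/value means the input escaped its attribute.
foreach (['render_unescaped_quote', 'render_escaped_quote'] as $fn) {
    $html = $fn($sample);
    echo $fn, "\n  ", $html, "\n  attributes: ",
         implode(', ', attribute_names($html)), "\n";
}
```

The same parse-and-compare check can be run against rendered pages in a regression test to confirm that no request parameter is able to add attributes to an element.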
Remediation
References