Post Commit

2 exploits Active since Jan 2021
CVE-2021-22871 WRITEUP MEDIUM WRITEUP
Revive Adserver < 5.1.0 - Stored Cross-Site Scripting via URL Website Property
Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.
CVSS 4.8
CVE-2021-22872 WRITEUP MEDIUM WRITEUP
Revive Adserver < 5.1.0 - Reflected Cross-Site Scripting via afr.php Delivery Script
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable.
CVSS 6.1