CVE-2025-55123

MEDIUM

Revive Adserver 5.5.2 and 6.0.1 - Cross-Site Scripting


Description

Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows manager accounts to craft XSS attacks against their own advertiser users.

References (1)

Core References
Exploit, Issue Tracking, Third Party Advisory
https://hackerone.com/reports/3404968

Scores

CVSS v3: 5.4
EPSS: 0.0038
EPSS Percentile: 29.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1): revive-adserver/revive_adserver 6.0.0
Published: Nov 20, 2025
Tracked Since: Feb 18, 2026