CVE-2021-22872
Revive Adserver 5.0.5 Cross Site Scripting / Open Redirect
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable.
Revive Adserver anterior a la versión 5.1.0 es vulnerable a una vulnerabilidad de scripting cruzado (XSS) reflejada a través del script de entrega afr.php de acceso público. Si bien este problema se abordó anteriormente en los navegadores modernos como CVE-2020-8115, algunos navegadores antiguos (por ejemplo, IE10) que no codifican automáticamente los parámetros de la URL seguían siendo vulnerables
Revive Adserver versions 5.0.5 and below suffer from persistent and reflective cross site scripting and open redirection vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-06 CVE Reserved
- 2021-01-21 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-10-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html | Third Party Advisory | |
http://seclists.org/fulldisclosure/2021/Jan/60 | Broken Link |
URL | Date | SRC |
---|---|---|
https://hackerone.com/reports/986365 | 2024-08-03 |
URL | Date | SRC |
---|---|---|
https://github.com/revive-adserver/revive-adserver/commit/00fdb8d0e | 2021-02-02 | |
https://github.com/revive-adserver/revive-adserver/commit/1dbcf7d50 | 2021-02-02 |
URL | Date | SRC |
---|---|---|
https://www.revive-adserver.com/security/revive-sa-2021-001 | 2021-02-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Revive-adserver Search vendor "Revive-adserver" | Revive Adserver Search vendor "Revive-adserver" for product "Revive Adserver" | < 5.1.0 Search vendor "Revive-adserver" for product "Revive Adserver" and version " < 5.1.0" | - |
Affected
|