CVE-2021-22871

Summary

Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/revive-adserver/revive-adserverFixed in 5.1.0affected

Weaknesses

  • CWE-79: Cross-site Scripting (XSS) - Stored (CWE-79)

ADP Enrichment

CVE Program Container

Additional References

References