CVE-2021-22888

Summary

Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the status parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code.

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/revive-adserver/revive-adserverFixed in v5.2.0affected

Weaknesses

  • CWE-79: Cross-site Scripting (XSS) - Reflected (CWE-79)

ADP Enrichment

CVE Program Container

Additional References

References