CVE-2025-55124

Summary

Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script.

Affected Software

VendorProductVersion RangeStatus
ReviveRevive Adserver6 <= 6.0.1affected
ReviveRevive Adserver6.0.2 <= 6.0.2unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References