CVE-2025-55126

Summary

HackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS

Affected Software

VendorProductVersion RangeStatus
ReviveRevive Adserver6 <= 6.0.2affected
ReviveRevive Adserver6.0.3 <= 6.0.3unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References