mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-12 18:42:46 +00:00
1.1 KiB
1.1 KiB
CVE-2021-22872
%20-%20Reflected%20(CWE-79)&color=brightgreen)
Description
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable.
POC
Reference
- http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html
- https://hackerone.com/reports/986365