mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-11 00:14:52 +02:00
0xMarcio
1.0 KiB
1.0 KiB
CVE-2021-22871
%20-%20Stored%20(CWE-79)&color=brighgreen)
Description
Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.
POC
Reference
- http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html
- http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html
Github
No PoCs found on GitHub currently.