CVE-2023-53931

Medium CVSS: 5.1

Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute arbitrary JavaScript when an admin views the page.

Vendor

Revive-adserver

Product

Revive Adserver

CWE

CWE-79

Yayın Tarihi

2025-12-17 23:15:52

Güncelleme

2025-12-27 17:15:44

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Revive Adserver MEDIUM Revive-adserver 2025

Referanslar

https://www.exploit-db.com/exploits/51401 https://www.revive-adserver.com/ https://www.vulncheck.com/advisories/revive-adserver-cross-site-scripting-via-banner-advanced-settings https://www.exploit-db.com/exploits/51401

Benzer Kayıtlar

Medium

CVE-2025-52669

Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes no…

Medium

CVE-2025-52670

Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete…

Medium

CVE-2025-52671

Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes…

Medium

CVE-2025-55123

Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be a…

Medium

CVE-2025-55124

Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script.

High

CVE-2025-48986

Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change othe…