CVE-2025-27208

Medium CVSS: 6.1

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code in the context of the victim's browser. The session cookie cannot be accessed, but a number of other operations could be performed.

The vulnerability is present in the admin-search.php file and can be exploited via the compact parameter.

Vendor

Revive-adserver

Product

Revive Adserver

CWE

CWE-79

Yayın Tarihi

2025-10-31 00:15:36

Güncelleme

2025-12-01 20:15:50

Source Identifier

support@hackerone.com

KEV Date Added

Kategoriler

CWE-79 Revive Adserver MEDIUM Revive-adserver 2025

Referanslar

https://hackerone.com/reports/3091390 http://seclists.org/fulldisclosure/2025/Oct/20

Benzer Kayıtlar

Medium

CVE-2023-53931

Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allow…

Medium

CVE-2025-52669

Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes no…

Medium

CVE-2025-52670

Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete…

Medium

CVE-2025-52671

Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes…

Medium

CVE-2025-55123

Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be a…

Medium

CVE-2025-55124

Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script.