CVE-2021-22889

CVE-2021-22889

Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and pressing a certain key combination to execute injected JavaScript code.

Source: CVE-2021-22889

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다