ReviveAdserver Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-22872 - Vulnerability Database

ReviveAdserver Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-22872

Medium

Reference: CVE-2021-22872

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-22872

Title: ReviveAdserver Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115 some older browsers (e.g. IE10) that do not automatically URL encode parameters were still vulnerable.