Lucene search

K
cvelistHackeroneCVELIST:CVE-2021-22889
HistoryMar 25, 2021 - 7:40 p.m.

CVE-2021-22889

2021-03-2519:40:55
CWE-79
hackerone
www.cve.org

EPSS

0.001

Percentile

41.9%

Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the statsBreakdown parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and pressing a certain key combination to execute injected JavaScript code.

CNA Affected

[
  {
    "product": "https://github.com/revive-adserver/revive-adserver",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in v5.2.0"
      }
    ]
  }
]

EPSS

0.001

Percentile

41.9%

Related for CVELIST:CVE-2021-22889