Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneSolov9evH1:1187820
HistoryMay 07, 2021 - 2:35 p.m.

Revive Adserver: Reflected XSS on /admin/stats.php

2021-05-0714:35:04
solov9ev
hackerone.com
12

0.002 Low

EPSS

Percentile

61.3%

JSON

Hi, Security Team!

Linked to the reports:

In the past reports, we have corrected Reflected XSS. But recently it turned out that with the parameter breakdown = affiliates, this vulnerability still works. (Fixed when parameter breakdown = history).

  • Go to http://revive-adserver.loc/admin/stats.php?entity=global&breakdown=affiliates&statsBreakdown=day%27%20onclick=alert(document.domain)%20accesskey=X%20
  • For the payload to be executed, the user needs to press the access key combination for the hidden input field (for Firefox, Alt+Shift+X, see this for other browsers).

{F1292520}

{F1292519}

Impact

With this vulnerability, an attacker can for example steal users cookies or redirect users on malicious website.

Related

osv 1
nvd 1
hackerone 1
cve 1
prion 1
cvelist 1
osv
osv
CVE-2021-22948
2021-09-23 13:15:08
nvd
nvd
CVE-2021-22948
2021-09-23 13:15:08
hackerone
hackerone
Revive Adserver: Use of a Broken or Risky Cryptographic Algorithm
2021-08-16 15:14:50
cve
cve
CVE-2021-22948
2021-09-23 13:15:08
prion
prion
Design/Logic Flaw
2021-09-23 13:15:00
cvelist
cvelist
CVE-2021-22948
2021-09-23 12:44:20

0.002 Low

EPSS

Percentile

61.3%

JSON
Related for H1:1187820
osv1nvd1hackerone1cve1prion1cvelist1