Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: hackerone
Published: 2021-01-21T19:15:11
Updated: 2024-08-03T18:51:07.525Z
Reserved: 2021-01-06T00:00:00
Link: CVE-2021-22871

No data.

Status : Modified
Published: 2021-01-26T18:16:19.020
Modified: 2024-11-21T05:50:48.367
Link: CVE-2021-22871

No data.