Unrated severity · NVD Advisory · Published Jan 21, 2021 · Updated Aug 3, 2024
CVE-2021-22872
Description
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable.
Affected products
- Revive Adserver/Revive Adserver (source: description)
  - Range: <5.1.0
References
- packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html (mitre, x_refsource_MISC)
- seclists.org/fulldisclosure/2021/Jan/60 (mitre, mailing-list, x_refsource_FULLDISC)
- github.com/revive-adserver/revive-adserver/commit/00fdb8d0e (mitre, x_refsource_MISC)
- github.com/revive-adserver/revive-adserver/commit/1dbcf7d50 (mitre, x_refsource_MISC)
- hackerone.com/reports/986365 (mitre, x_refsource_MISC)
- www.revive-adserver.com/security/revive-sa-2021-001/ (mitre, x_refsource_MISC)