CNNVD-202512-3221 Information

CNNVD ID

CNNVD-202512-3221

CVE-2023-53931

  • CNNVD Published: 2025-12-17

Description

Revive Adserver is an open-source ad management system maintained by the Revive Adserver team. It provides ad delivery, ad slot management, and statistics. Revive Adserver version 5.4.1 contains a cross-site scripting vulnerability in the prepend and append parameters of the banner-advanced.php endpoint, which may lead to the execution of arbitrary JavaScript.

Hazard Level

High

Vulnerability Type

Cross-site scripting

Affected Vendor

Revive Adserver

Published

2025-12-17

Last Modified

2026-02-24

References

  • https://www.exploit-db.com/exploits/51401
  • https://www.vulncheck.com/advisories/revive-adserver-cross-site-scripting-via-banner-advanced-settings
  • https://www.revive-adserver.com/
  • https://access.redhat.com/security/cve/cve-2023-53931

Patch

https://www.revive-adserver.com/download/
