CNNVD-202601-3168 Information
CNNVD ID
CNNVD-202601-3168
Related CVE
-
CNNVD Published: 2026-01-20
Description
Revive Adserver is an open-source ad management system developed by the Revive Adserver team. It provides ad delivery, ad zone management, statistics, and related functions. Revive Adserver contains a security vulnerability caused by a reflected cross-site scripting (XSS) flaw in the afr.php delivery script. An attacker can craft a specific URL containing an HTML payload, which may cause a malicious script to execute when a logged-in administrator visits it.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Revive Adserver
Published
2026-01-20
Last Modified
2026-02-24
References
https://hackerone.com/reports/3468169
https://access.redhat.com/security/cve/cve-2026-21664
Patch
https://www.revive-adserver.com/download/