CNNVD-202601-3170 Information
CNNVD ID
CNNVD-202601-3170
Related CVE
- CNNVD Published: 2026-01-20
Description (Chinese)
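Revive Adserver is an open-source ad management system from the Revive Adserver team. The system provides ad delivery, ad zone management, statistics, and other functions. Revive Adserver contains a security vulnerability that stems from a reflected cross-site scripting vulnerability in the banner-acl.php script. An attacker can craft a specific URL containing an HTML payload, which may cause malicious script to execute when a logged-in administrator visits it.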
Description (English)
Revive Adserver is an open-source advertising management system developed by the Revive Adserver team. It provides ad serving, ad zone management, and statistics reporting. Revive Adserver has a security vulnerability: the banner-acl.php script is affected by reflected cross-site scripting (XSS). An attacker can construct a specific URL containing an HTML payload, which may result in malicious script running in the browser of a logged-in administrator who opens it.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Revive Adserver
Published
2026-01-20
Last Modified
2026-02-24
References
https://hackerone.com/reports/3473696
https://access.redhat.com/security/cve/cve-2026-21663
Patch
https://www.revive-adserver.com/download/