CNNVD-202601-3171 Information

CNNVD ID

CNNVD-202601-3171

CVE-2026-21642

  • CNNVD Published: 2026-01-20

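Description (translated from Chinese)

Revive Adserver is an open-source ad management system from the Revive Adserver team. It provides ad delivery, ad zone management, statistics, and related functions. Revive Adserver contains a security vulnerability: the banner-acl.php and channel-acl.php scripts are susceptible to reflected cross-site scripting. An attacker can craft a specific URL containing an HTML payload, which may cause a malicious script to execute when a logged-in administrator visits it.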

Description (English)

Revive Adserver is an open-source advertising management system developed by the Revive Adserver team. The system provides ad delivery, ad zone management, data statistics, and other functions. Revive Adserver has a security vulnerability that stems from the banner-acl.php and channel-acl.php scripts being vulnerable to reflected cross-site scripting (XSS): an attacker can construct a specific URL containing an HTML payload, which may result in a malicious script being executed when a logged-in administrator accesses it.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Revive Adserver

Published

2026-01-20

Last Modified

2026-02-24

References

https://hackerone.com/reports/3470970

https://access.redhat.com/security/cve/cve-2026-21642

Patch

https://www.revive-adserver.com/download/
