CVE-2021-22871
Published
CVSS v3
4.8
MEDIUM
CVSS v2
3.5
LOW
Affected
1
PROJECT
Description
Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.
The world's most popular free, open source ad serving system. You can download the latest release at:
GitHub