Description
Revive Adserver before 3.2.3 is affected by a persistent XSS vulnerability. The attack vector is in the Revive Adserver user interface and requires a trusted (non-admin) account: the website name was not properly escaped when displayed by the campaign-zone.php script.
Remediation
References
Related Vulnerabilities
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2007-4652)
Hesk Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3743)
WordPress Plugin Related Posts Cross-Site Request Forgery (2.7.1)
MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-2334)
WordPress Plugin HTTP Headers Multiple Vulnerabilities (1.9.1)