Description
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Other Vulnerability (CVE-2004-1387)
phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9866)
WordPress Plugin WordPress Simple Shopping Cart Cross-Site Scripting (4.6.1)
MongoDb Improper Handling of Exceptional Conditions Vulnerability (CVE-2020-7923)
Moodle Insertion of Sensitive Information into Log File Vulnerability (CVE-2018-10889)