Description
Revive Adserver before 3.2.3 suffers from persistent XSS. A vector for persistent XSS attacks exists via the Revive Adserver user interface; it requires a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner-related pages.
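The class of defect described above, as an added example that is not Revive Adserver's own code: a stored external-banner image URL written into an `src` attribute without encoding, next to a hardened renderer. The function names, markup and sample URLs are hypothetical and constructed for illustration.

```php
<?php
// Hypothetical helpers for illustration; not taken from Revive Adserver.

// Vulnerable pattern: the stored URL is concatenated into markup as-is,
// so a double quote in the value ends the attribute and the rest is parsed as HTML.
function render_banner_unsafe(string $imageUrl): string
{
    return '<img src="' . $imageUrl . '" alt="banner preview">';
}

// Hardened pattern: allow-list the URL scheme, then encode for the
// HTML attribute context at output time.
function render_banner_safe(string $imageUrl): string
{
    $scheme = parse_url($imageUrl, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        // Reject script-capable or malformed URLs instead of rendering them.
        return '<span class="error">invalid banner URL</span>';
    }
    // ENT_QUOTES encodes both quote characters; ENT_SUBSTITUTE replaces
    // invalid byte sequences rather than returning an empty string.
    $encoded = htmlspecialchars($imageUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<img src="' . $encoded . '" alt="banner preview">';
}

// Constructed sample values, as a non-admin user could store them.
$samples = [
    'https://cdn.example.com/banner.png',
    'https://cdn.example.com/b.png" onerror="alert(document.domain)',
    'javascript:alert(1)',
];

foreach ($samples as $url) {
    echo 'unsafe: ', render_banner_unsafe($url), PHP_EOL;
    echo 'safe:   ', render_banner_safe($url), PHP_EOL, PHP_EOL;
}
```

Encoding belongs at every place the value is displayed, since the description notes the URL was shown unescaped on most banner-related pages rather than on a single one.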