Description
Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others.
Remediation
References
Related Vulnerabilities
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51485)
Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2694)
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-26272)
WordPress Plugin Insert or Embed Articulate Content into WordPress Directory Traversal (4.2999)