Description
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable.
Remediation
References
Related Vulnerabilities
Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-1042)
Oracle JRE CVE-2013-2465 Vulnerability (CVE-2013-2465)
WordPress Data Processing Errors Vulnerability (CVE-2014-9034)
Oracle Database Server SYS Account privilege issue (CVE-2021-2000)
WordPress Plugin Event Registration 'id' Parameter SQL Injection (5.43)