Description
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code.
Remediation
References
Related Vulnerabilities
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1130)
Oracle JRE CVE-2023-21968 Vulnerability (CVE-2023-21968)
WordPress Plugin AJAX Random Post Cross-Site Scripting (2.00)
WordPress Plugin Brizy-Page Builder Cross-Site Scripting (2.3.26)
WordPress Plugin Special Text Boxes Arbitrary File Upload (5.1.90)