Description
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and pressing a certain key combination to execute injected JavaScript code.
Remediation
References
Related Vulnerabilities
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3128)
MongoDb Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-20803)
WordPress Plugin Church Admin Arbitrary File Upload (1.2530)
phpMyFAQ Weak Password Requirements Vulnerability (CVE-2023-0307)
Oracle Database Server CVE-2007-5512 Vulnerability (CVE-2007-5512)