Vulnerability
Description
A reflected XSS vulnerability has been detected in Revive Adserver 5.0.3’s publicly accessible afr.php delivery script. As of v3.2.2, the session identifier is kept in a http-only cookie and cannot be retrieved. On older versions, however, it may be possible to steal the session identifier and gain access to the admin interface under certain circumstances. In a JavaScript context, the query string provided to the www/delivery/afr.php script was printed back without sufficient escaping, allowing an attacker to execute arbitrary JS code on the victim’s browser.
Recommendation
- Update Revive Adserver to the latest version
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
