CVE-2021-22889

moderate-risk

Published 2021-03-25

Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and pressing a certain key combination to execute injected JavaScript code.

Do I need to act?

0.90% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Revive Adserver

Affected Vendors

Revive-Adserver

References (6)

Patch https://github.com/revive-adserver/revive-adserver/commit/2f868414

Exploit https://hackerone.com/reports/1097217

Vendor Advisory https://www.revive-adserver.com/security/revive-sa-2021-003/

Patch https://github.com/revive-adserver/revive-adserver/commit/2f868414

Exploit https://hackerone.com/reports/1097217

Vendor Advisory https://www.revive-adserver.com/security/revive-sa-2021-003/

/ 100

moderate-risk

Severity 23/34 · High

Exploitability 3/34 · Minimal

Exposure 5/34 · Minimal