Commit
Reflected XSS
-------------

The HackerOne user @decidedlygray has reported that the affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack via the "charset" parameter. If the target system is running a Revive Adserver version older than 3.2.2, such a vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted URL.

A CVE-ID has been requested, but not assigned yet.

CWE: CWE-79
CVSSv2: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)