Persistent XSS
--------------
Johan Caluwe has reported via HackerOne two vectors for persistent XSS in the
Revive Adserver user interface, both requiring a trusted (non-admin) account:
1. the website name wasn't properly escaped when displayed in the
campaign-zone.php script;
2. the banner image URL for external banners wasn't properly escaped when
displayed in most of the banner related pages.
A CVE-ID has been requested, but not assigned yet.
CWE: CWE-79
CVSSv2: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)