Fix h1 reports 107550 and 107634
Persistent XSS
--------------

Johan Caluwe has reported via HackerOne two vectors for persistent XSS Revive Adserver user interface, both requiring a trusted (non-admin) account:

1. the website name wasn't properly escaped when displayed in the campaign-zone.php script;
2. the banner image url for external banners wasn't properly escaped when displayed in most of the banner related pages.

A CVE-ID has been requested, but not assigned yet.

CWE: CWE-79
CVSSv2: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Showing with 6 additions and 6 deletions.