Message-ID: <79a6c45b-a224-4813-8829-77494f489e3d@beccati.com>
Date: Wed, 22 Oct 2025 12:04:43 +0200
From: Matteo Beccati <matteo@...cati.com>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] [REVIVE-SA-2025-001] Revive Adserver Vulnerability

========================================================================
Revive Adserver Security Advisory                     REVIVE-SA-2025-001
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2025-001
------------------------------------------------------------------------
CVE-ID:                CVE-2025-27208
Date:                  2025-10-22
Risk Level:            Very low
Applications affected: Revive Adserver
Versions affected:     <= 5.5.2
Versions not affected: >= 6.0.0
Website:               https://www.revive-adserver.com/
========================================================================


========================================================================
Vulnerability: Reflected XSS
========================================================================
Vulnerability Type:    Improper Neutralization of Input During Web Page
                        Generation ('Cross-site Scripting')
                        [CWE-79]
CVSS Base Score:       4.3
CVSS Vector:           CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
========================================================================

Description
-----------
Jiasheng He (https://github.com/hebing123) from Qihoo 360 has reported a 
reflected XSS vulnerability in the admin-search.php script. An attacker 
can craft a specific URL that includes an HTML payload in the "compact" 
parameter. If a logged-in administrator visits the URL, the HTML is sent 
to the browser and malicious scripts would be executed.


Details
-------
The "compact" GET parameter sent to the admin-search.php script is used 
in the output without proper sanitisation, allowing an attacker to craft 
specific URLs and have payloads output in the HTML, JS, and/or CSS 
context. Successful exploitation requires an attacker to trick a logged-in 
administrator into visiting the crafted URL. Most importantly, the 
session cookie cannot be accessed or stolen via JavaScript, so the 
disruption would be limited.
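The contrast described above, as an added illustration rather than Revive Adserver's own code: a hypothetical admin-search.php-style page that reflects the "compact" parameter into HTML attribute, JavaScript and CSS contexts, first without escaping and then with an encoder chosen per context. The function names and the page layout are assumptions.

```php
<?php
// Added illustration, not Revive Adserver's code: a hypothetical page that
// reflects the "compact" GET parameter into three output contexts.

// Unsafe pattern (assumed): the raw parameter reaches every context as-is,
// so any markup, quotes or braces in it change the page structure.
function renderUnsafe(string $compact): string
{
    return "<input type=\"hidden\" name=\"compact\" value=\"$compact\">\n"
         . "<script>var compact = '$compact';</script>\n"
         . "<style>.results { display: $compact; }</style>\n";
}

// Hardened: one encoder per context. CSS has no general-purpose escaper,
// so the value is reduced to the two keywords the page actually needs.
function renderSafe(string $compact): string
{
    // HTML attribute context: encode <, >, &, " and '.
    $attr = htmlspecialchars($compact, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // JavaScript context: emit a JSON string literal; the HEX flags also
    // keep "</script" from closing the element early.
    $js = json_encode(
        $compact,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );

    // CSS context: whitelist, never interpolate attacker-controlled text.
    $display = ($compact === '1') ? 'none' : 'block';

    return "<input type=\"hidden\" name=\"compact\" value=\"$attr\">\n"
         . "<script>var compact = $js;</script>\n"
         . "<style>.results { display: $display; }</style>\n";
}

// Better still for a yes/no flag: validate to a boolean at the boundary, so
// only "1" or "0" can ever reach the encoders above (defence in depth).
$compact = filter_input(
    INPUT_GET, 'compact', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE
) ?? false;
echo renderSafe($compact ? '1' : '0');
```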


References
----------
https://hackerone.com/reports/3091390
https://github.com/revive-adserver/revive-adserver/commit/0c68d1bb
https://cwe.mitre.org/data/definitions/79.html


========================================================================
Solution
========================================================================

We strongly advise people to upgrade to version 6.0.0, the most recent
release of Revive Adserver.


========================================================================
Contact Information
========================================================================

The security contact for Revive Adserver can be reached at:
<security AT revive-adserver DOT com>.

Please review https://www.revive-adserver.com/security/ before doing so.


-- 
Matteo Beccati
On behalf of the Revive Adserver Team
https://www.revive-adserver.com/


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
