Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.
Weakness: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
This section is open source, for any additional information that enhances or clarifies the official advisory above.
Exploits for CVE-2021-22874 are not publicly available.
Revive Adserver: Reflected XSS on /admin/userlog-index.php
submitted by solov9ev about 1 month ago
publicly disclosed about 1 month ago