CVE-2021-22871
- Source
- https://cve.org/CVERecord?id=CVE-2021-22871
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22871.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-22871
- Published
- 2021-01-26T18:16:19.020Z
- Modified
- 2026-05-17T03:54:17.005087209Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.
- References
-
- http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html
- http://seclists.org/fulldisclosure/2021/Jan/60
- https://www.revive-adserver.com/security/revive-sa-2021-001/
- https://github.com/revive-adserver/revive-adserver/commit/62a2a0439
- https://github.com/revive-adserver/revive-adserver/commit/89b88ce26
- https://hackerone.com/reports/819362