Revive Adserver Security Advisory REVIVE-SA-2023-001
- Advisory ID: REVIVE-SA-2023-001
- CVE-IDs: CVE-2023-38040
- Date: 2023-09-13
- Risk Level: Very low
- Applications affected: Revive Adserver
- Versions affected: <= 5.4.1
- Versions not affected: >= 5.5.0
- Website: https://www.revive-adserver.com/
Vulnerability: Reflected XSS
- Vulnerability type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) [CWE-79]
- CVE-ID: CVE-2023-38040
- CVSS Base Score: 0.0
- CVSSv3.1 Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
- CVSS Impact Subscore: 0.0
- CVSS Exploitability Subscore: 1.6
Description
HackerOne user l4stb1t has reported multiple reflected XSS vectors in the al.php delivery script, via the provided “layerstyles” functionality. The output of the script is however plain javascript which won’t be executed by a browser directly, but output as text, posing no immediate threat.
Details
Some GET parameters sent to the al.php delivery script were used in the output without proper sanitisation, allowing an attacker to craft specific URLs and have payloads output in the HTML, JS, and/or CSS context. Successful exploitation requires an attacker to plant on a third party website a <script> tag loading such URLs and have the payloads executed.
References
Solution
We strongly advise people to upgrade to the most recent 5.5.0 version of Revive Adserver, or whatever happens to be the current release at the time of reading this security advisory.
Contact Information
The security contact for Revive Adserver can be reached at: <security AT revive-adserver DOT com>
Please review https://www.revive-adserver.com/security/ before doing so.