Revive Adserver Stored Cross-Site Scripting Vulnerability in Advertiser Campaign Names

Vulnerability

A stored cross-site scripting vulnerability has been identified in Revive Adserver, specifically in version 6.0.2. This issue allows low-privilege authenticated users to inject HTML and JavaScript into campaign names. The injected scripts are executed when an administrator accesses the Banners advertiser/campaign picker, potentially leading to session hijacking, unauthorized administrative actions, or exposure of sensitive data.

Impact

Exploitation of this vulnerability allows for the execution of injected scripts in the context of an administrator's browser. This could result in stealing admin session cookies, performing silent actions through the admin account, disclosing sensitive information visible to admins, or further compromising the server's infrastructure.

Reproduction

To reproduce this vulnerability, log in as a low-privilege user and create or edit a campaign so that its name contains a script payload. Once the campaign is saved, the injected script executes when an administrator opens the Banners modal.

Remediation

Users are advised to update to Revive Adserver version 6.0.2, which addresses this vulnerability.
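
The failure described under Reproduction is a stored value reaching the picker's markup without output encoding. The following is an added example, not Revive Adserver's code: it assumes a picker that builds option elements from stored campaign names, shows the unencoded form beside the encoded one, and adds an audit helper for reviewing names already stored. All function names and sample rows are hypothetical.

```javascript
// Added example: a hypothetical picker renderer, not Revive Adserver's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before" form: the stored name reaches the markup unencoded, so any tags in
// it are parsed by the administrator's browser.
function renderOptionUnsafe(campaign) {
  return '<option value="' + campaign.id + '">' + campaign.name + '</option>';
}

// Hardened form: every stored value is encoded at output time.
function renderOptionSafe(campaign) {
  return '<option value="' + escapeHtml(campaign.id) + '">' +
    escapeHtml(campaign.name) + '</option>';
}

// Audit helper: return the ids of campaigns whose stored name contains a
// tag-like sequence, so existing rows can be reviewed.
function auditCampaignNames(campaigns) {
  const tagLike = /<\s*[a-z!\/]/i;
  return campaigns.filter((c) => tagLike.test(String(c.name))).map((c) => c.id);
}

// Constructed sample rows (not taken from a real installation).
const SAMPLE_CAMPAIGNS = [
  { id: 1, name: 'Summer Sale 2025' },
  { id: 2, name: 'Shoes & Boots' },
  { id: 3, name: '<script>alert(1)</script>' },
];

console.log(auditCampaignNames(SAMPLE_CAMPAIGNS));
console.log(SAMPLE_CAMPAIGNS.map(renderOptionSafe).join('\n'));
```

Encoding at output time keeps a legitimate name such as "Shoes & Boots" displaying correctly, which rejecting special characters at input would not.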

Added: Nov 20, 2025, 7:20 PM
Updated: Nov 20, 2025, 7:20 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 1.7
exploitability: 6.5
remediation: 7.7
relevance: 1.1
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.