Revive Adserver Reflected Cross-Site Scripting Vulnerability in ACL Management Scripts

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the 'banner-acl.php' and 'channel-acl.php' scripts of Revive Adserver. This issue allows an attacker to craft a URL containing an HTML payload in a specific parameter. When a logged-in administrator clicks the link, the HTML is rendered in the browser, executing any embedded malicious scripts. The vulnerability arises because the 'acls[0][executionorder]' parameter is output without proper sanitization, enabling the injection of harmful content that can be executed in HTML, JavaScript, or CSS contexts.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute malicious scripts in the context of the user's browser session.

Added: Jan 20, 2026, 9:19 PM

Updated: Jan 20, 2026, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

5.4

exploitability

7.3

remediation

8.3

relevance

2.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

5.4

exploitability

7.3

remediation

8.3

relevance

2.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Revive Adserver Reflected Cross-Site Scripting Vulnerability in ACL Management Scripts

Vulnerability

Impact

Affected Products

Revive Adserver

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating