Revive Adserver Reflected Cross-Site Scripting Vulnerability in Banner ACL Script

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the `banner-acl.php` script of Revive Adserver. This issue allows an attacker to create a URL containing an HTML payload in a parameter. When a logged-in administrator clicks the link, the HTML is rendered in the browser, executing any included malicious scripts. The vulnerability arises because certain request parameters were output without proper sanitization, enabling the injection of harmful content that could be executed in the context of the user's browser.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute malicious scripts in the context of the user's browser session.

Added: Jan 20, 2026, 9:18 PM

Updated: Jan 20, 2026, 9:18 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

5.4

exploitability

7.7

remediation

7.9

relevance

2.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

5.4

exploitability

7.7

remediation

7.9

relevance

2.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Revive Adserver Reflected Cross-Site Scripting Vulnerability in Banner ACL Script

Vulnerability

Impact

Affected Products

Revive Adserver

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating