Revive Adserver Reflected Cross-Site Scripting Vulnerability in afr.php Delivery Script

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the afr.php delivery script of Revive Adserver. This issue allows an attacker to create a URL containing an HTML payload in a parameter. When a logged-in administrator clicks the link, the HTML is rendered in the browser, executing any included malicious scripts. The vulnerability arises because the target GET parameter is output without proper sanitization, enabling the injection of harmful content into HTML, JavaScript, or CSS contexts.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute malicious scripts in the context of the user's browser session.

Added: Jan 20, 2026, 9:19 PM

Updated: Jan 20, 2026, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

5.4

exploitability

7.7

remediation

8.3

relevance

2.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

5.4

exploitability

7.7

remediation

8.3

relevance

2.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Revive Adserver Reflected Cross-Site Scripting Vulnerability in afr.php Delivery Script

Vulnerability

Impact

Affected Products

Revive Adserver

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating