Revive Adserver versions up to 5.5.2 are affected by a reflected XSS vulnerability that could allow attackers to execute malicious scripts through crafted URLs targeting the admin-search.php script. Users are advised to upgrade to version 6.0.0 to mitigate the risk.
Key points
- Revive Adserver versions 5.5.2 and below are vulnerable to reflected XSS attacks.
- The vulnerability exploits the ‘compact’ GET parameter in the admin-search.php script.
- An attacker can trick a logged-in administrator into visiting a malicious URL to execute scripts.
- Updating to version 6.0.0 is strongly advised to fix this security flaw.
- The vulnerability does not allow session cookie theft, limiting potential disruption.
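
A detection check for the request pattern described above, as an added example (not code from the advisory or from the Revive Adserver project): it scans web-server access logs for admin-search.php requests whose `compact` value decodes to markup characters. The combined log format, the sample lines and paths, and the set of characters treated as suspicious are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate 'compact' value never contains markup metacharacters.
MARKUP_RE = re.compile(r'[<>"\'`]')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding, e.g. %253C -> %3C -> <."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_compact(log_line):
    """Return the decoded 'compact' value if it contains markup, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/admin-search.php"):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get("compact", []):
        value = fully_decode(raw)
        if MARKUP_RE.search(value):
            return value
    return None

def scan(lines):
    """Return (line_index, decoded_value) for every flagged log line."""
    hits = []
    for i, line in enumerate(lines):
        value = suspicious_compact(line)
        if value is not None:
            hits.append((i, value))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up paths and values).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /revive/admin-search.php?compact=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /revive/admin-search.php?compact=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 640 "https://mail.example/" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /revive/admin-search.php?compact=%253Cb%253E HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Jan/2025:10:01:00 +0000] "GET /revive/index.php?compact=%3Cb%3E HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for index, value in scan(SAMPLE_LOG):
        print(f"line {index}: compact decodes to {value!r}")
```

A hit with an external Referer, as in the second sample line, fits the delivery path the advisory describes: a logged-in administrator following a link from outside the admin interface.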