CVE-2021-22888 - OpenCVE

Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Revive-adserver	Revive Adserver

Configuration 1 [-]

cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/revive-adserver/revive-adserver/commit/f472d890	Patch Third Party Advisory
https://hackerone.com/reports/1097979	Exploit Third Party Advisory
https://www.revive-adserver.com/security/revive-sa-2021-003/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hackerone

Published: 2021-03-25T19:40:41

Updated: 2021-03-25T19:40:41

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-22888

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-03-25T20:15:12.507

Modified: 2021-03-27T02:44:16.250

Link: CVE-2021-22888

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "https://github.com/revive-adserver/revive-adserver", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed in v5.2.0"}]}], "descriptions": [{"lang": "en", "value": "Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Cross-site Scripting (XSS) - Reflected (CWE-79)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-25T19:40:41", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1097979"}, {"tags": ["x_refsource_MISC"], "url": "https://www.revive-adserver.com/security/revive-sa-2021-003/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/revive-adserver/revive-adserver/commit/f472d890"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2021-22888", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "https://github.com/revive-adserver/revive-adserver", "version": {"version_data": [{"version_value": "Fixed in v5.2.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"}]}]}, "references": {"reference_data": [{"name": "https://hackerone.com/reports/1097979", "refsource": "MISC", "url": "https://hackerone.com/reports/1097979"}, {"name": "https://www.revive-adserver.com/security/revive-sa-2021-003/", "refsource": "MISC", "url": "https://www.revive-adserver.com/security/revive-sa-2021-003/"}, {"name": "https://github.com/revive-adserver/revive-adserver/commit/f472d890", "refsource": "MISC", "url": "https://github.com/revive-adserver/revive-adserver/commit/f472d890"}]}}}}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2021-22888", "datePublished": "2021-03-25T19:40:41", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2021-03-25T19:40:41", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "32A65BFA-7E74-4D14-80FD-4D4E5B16CD14", "versionEndExcluding": "5.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code."}, {"lang": "es", "value": "Revive Adserver versiones anteriores a v5.2.0, es susceptible a una vulnerabilidad de tipo XSS reflejado en el par\u00e1metro \"status\" del archivo campaign-zone-zones.php. Un atacante podr\u00eda enga\u00f1ar a un usuario con acceso a la interfaz de usuario de una instancia de Revive Adserver para hacer clic en una URL espec\u00edficamente dise\u00f1ada y ejecutar c\u00f3digo JavaScript inyectado"}], "id": "CVE-2021-22888", "lastModified": "2021-03-27T02:44:16.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-25T20:15:12.507", "references": [{"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/revive-adserver/revive-adserver/commit/f472d890"}, {"source": "support@hackerone.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hackerone.com/reports/1097979"}, {"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://www.revive-adserver.com/security/revive-sa-2021-003/"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "support@hackerone.com", "type": "Secondary"}]}