S4E

CVE-2020-8115 Scanner

Detects a 'Cross-Site Scripting (XSS)' vulnerability in Revive Adserver that affects versions before 5.0.3.

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 30 seconds
Time Interval: 4 weeks
Scan only one: URL
Toolbox: -

Revive Adserver is open-source software for managing and displaying advertisements on websites. It allows website owners to easily monetize their online real estate while providing advertisers with a platform to reach their target audience. The software has been downloaded thousands of times and is a popular choice for small to medium-sized businesses.

The CVE-2020-8115 vulnerability detected in Revive Adserver is a reflected XSS vulnerability in the afr.php delivery script. It could allow an attacker to execute arbitrary JavaScript in the victim's browser if they can successfully inject malicious code via the query string parameter. While there are currently no known exploits, under specific circumstances it is possible to steal the session identifier and gain unauthorized access to the admin interface in older versions of the software.

If exploited, this vulnerability can lead to several issues for website owners and advertisers alike. Firstly, it could allow an attacker to gain access to sensitive information stored in the admin interface, such as user credentials and financial data. Secondly, it could allow an attacker to inject malware or other harmful scripts into the advertising network, potentially affecting users who interact with the advertisements. Lastly, it could damage the reputation of the website owner and the advertisers, leading to loss of trust among the users.

As a reminder, those who read this article can easily and quickly learn about vulnerabilities in their digital assets using the pro features of the s4e.io platform. With access to real-time threat intelligence and automated vulnerability scanning, users can stay on top of any potential security risks and take prompt action to remediate them. Don't let vulnerabilities go undetected - sign up for s4e.io today.

 
