CVE-2023-53931

Description

Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute arbitrary JavaScript when an admin views the page.

PUBLISHED Reserved 2025-12-16 | Published 2025-12-17 | Updated 2025-12-27 | Assigner VulnCheck

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Credits

Mirabbas Ağalarov finder

References

www.exploit-db.com/exploits/51401 exploit

www.exploit-db.com/exploits/51401 (ExploitDB-51401) exploit

www.revive-adserver.com/ (Official Product Homepage) product

www.vulncheck.com/...-scripting-via-banner-advanced-settings (VulnCheck Advisory: Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings) third-party-advisory

cve.org (CVE-2023-53931)

nvd.nist.gov (CVE-2023-53931)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.