CVE-2025-52667

Description

Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user.

PUBLISHED Reserved 2025-06-18 | Published 2025-11-20 | Updated 2025-12-01 | Assigner hackerone

Product status

References

hackerone.com/reports/3399809

cve.org (CVE-2025-52667)

nvd.nist.gov (CVE-2025-52667)

Download JSON