Description

Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows manager accounts to craft XSS attacks against their own advertiser users.

PUBLISHED Reserved 2025-08-07 | Published 2025-11-20 | Updated 2025-11-20 | Assigner hackerone




LOW: 3.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Product status

6 (semver): affected

5 (semver): affected

6.0.2 (semver): unaffected

5.5.3 (semver): unaffected

References

hackerone.com/reports/3404968 exploit

cve.org (CVE-2025-55123)

nvd.nist.gov (CVE-2025-55123)
