CVE-2025-55123

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-55123

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55123.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-55123

Published

2025-11-20T20:16:23.547Z

Modified

2026-04-10T05:29:48.194521Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users.

References

https://hackerone.com/reports/3404968

Affected packages

Git / github.com/revive-adserver/revive-adserver

Affected ranges

Type

GIT

Repo

https://github.com/revive-adserver/revive-adserver

Events

Introduced

Last affected

d30dee449a2da3d687c66fc4c162ed0b3e39482c

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0.0-NA"
        }
    ]
}

Affected versions

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.1.0

v3.1.0-beta

v3.2.0

v3.2.0-beta

v3.2.1

v3.2.1-rc1

v4.*

v4.0.0

v4.0.0-rc1

v4.0.1

v4.0.2

v4.1.0

v4.1.0-rc1

v4.1.2

v4.1.3

v4.1.4

v4.2.0

v4.2.0-rc1

v4.2.1

v5.*

v5.0.0

v5.0.0-rc1

v5.0.1

v5.0.3

v5.0.4

v5.0.5

v5.1.0

v5.1.0-rc1

v5.1.1

v5.2.0

v5.2.1

v5.3.0

v5.3.0-rc1

v5.4.0

v5.4.0-rc1

v5.4.1

v6.*

v6.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55123.json"