Security Advisory

CVE-2026-21664

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-20 20:48:47

Last updated 2026-01-21 20:45:35

Assigner hackerone

State PUBLISHED

Description

HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has reported a reflected XSS vulnerability in the afr.php delivery script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent to the browser and malicious scripts would be executed.

← Browse all CVEs View on cve.org ↗