Key Information

Advisory ID: REVIVE-SA-2020-001
CVE-ID: CVE-2020-8115
Date: 2020-01-21
Risk Level: Low
Affected Applications: Revive Adserver
Affected Versions: = 5.0.4
Website: https://www.revive-adserver.com/

Vulnerability 1

CVE-ID: CVE-2020-8115
CVSS Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS Base Score: 4.3
CVSS Impact Subscore: 1.4
CVSS Exploitability Subscore: 2.8

Description

Reflected XSS vulnerability in the publicly accessible delivery script of Revive Adserver by Jacopo Tediosi.

Details

The query string sent to the script was printed back without proper escaping in a JavaScript context.

Solution

Upgrade to the most recent 5.0.4 version of Revive Adserver.
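
The class of bug described under Details, shown as an added example that is not Revive Adserver's code or its actual patch: a query string echoed into a JavaScript string literal, beside one way to encode it for that context. The function names, the `params` variable and the sample query strings are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; function names are hypothetical, not Revive Adserver code.

// Pattern described in Details: the raw query string is concatenated into a
// JavaScript string literal, so a quote or "</script>" in it ends the literal.
function render_unescaped(string $queryString): string
{
    return '<script>var params = "' . $queryString . '";</script>';
}

// JavaScript-context encoding: json_encode() emits a quoted JS string, and the
// JSON_HEX_* flags turn < > & ' " into \uXXXX escapes, so the value can close
// neither the string literal nor the surrounding <script> element.
function render_escaped(string $queryString): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_INVALID_UTF8_SUBSTITUTE; // malformed UTF-8 becomes U+FFFD
    $literal = json_encode($queryString, $flags);
    if ($literal === false) {
        $literal = '""'; // fail closed: emit an empty string
    }
    return '<script>var params = ' . $literal . ';</script>';
}

// True when the text between the literal's quotes holds no raw double quote
// or angle bracket, i.e. nothing that ends the string or the script block.
function literal_is_inert(string $html): bool
{
    $prefix = '<script>var params = "';
    $suffix = '";</script>';
    $inner = substr($html, strlen($prefix), -strlen($suffix));
    return preg_match('/["<>]/', $inner) === 0;
}

// Constructed sample query strings (not taken from the advisory).
$samples = [
    'zoneid=1&cb=12345',          // ordinary request
    'zoneid=1&cb="-x-"',          // double quotes
    'zoneid=1&cb=</script><i>',   // closing script tag
    "zoneid=1&cb=\xC3\x28",       // malformed UTF-8
];

foreach ($samples as $qs) {
    printf("%-5s %s\n", literal_is_inert(render_unescaped($qs)) ? 'ok' : 'BREAK', render_unescaped($qs));
    printf("%-5s %s\n\n", literal_is_inert(render_escaped($qs)) ? 'ok' : 'BREAK', render_escaped($qs));
}
```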