What is CVE-2020-8115?

CVE-2020-8115 is a vulnerability in Https://github.com/revive-adserver/revive-adserver, classified under Cross-site Scripting. Published 2020-02-04.

Is CVE-2020-8115 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Https://github.com/revive-adserver/revive-adserver

CVE-2020-8115

A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is s…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.509 (97.9th percentile) — read the EPSS interpretation.

Affected products

N/a Https://github.com/revive-adserver/revive-adserver — versions Fixed version v5.0.4

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

References

hackerone.com/reports/775693 (x_refsource_MISC)
www.revive-adserver.com/security/revive-sa-2020-001/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-8115?: CVE-2020-8115 is a vulnerability in Https://github.com/revive-adserver/revive-adserver, classified under Cross-site Scripting. Published 2020-02-04.
Is CVE-2020-8115 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.