{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21664", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2026-01-02T15:00:02.871Z", "datePublished": "2026-01-20T20:48:47.976Z", "dateUpdated": "2026-01-21T20:45:35.234Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has reported a reflected XSS vulnerability in the afr.php delivery script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent to the browser and malicious scripts would be executed."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Revive", "product": "Revive Adserver", "versions": [{"version": "6", "status": "affected", "lessThanOrEqual": "6.0.4", "versionType": "semver"}]}], "references": [{"url": "https://hackerone.com/reports/3468169"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-01-20T20:48:47.976Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-21T20:44:13.874346Z", "id": "CVE-2026-21664", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-21T20:45:35.234Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21664", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-21T20:44:13.874346Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-21T20:45:22.627Z"}}], "cna": {"metrics": [{"cvssV3_0": {"version": "3.0", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "Revive", "product": "Revive Adserver", "versions": [{"status": "affected", "version": "6", "versionType": "semver", "lessThanOrEqual": "6.0.4"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://hackerone.com/reports/3468169"}], "descriptions": [{"lang": "en", "value": "HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has reported a reflected XSS vulnerability in the afr.php delivery script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent to the browser and malicious scripts would be executed."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-01-20T20:48:47.976Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21664", "state": "PUBLISHED", "dateUpdated": "2026-01-21T20:45:35.234Z", "dateReserved": "2026-01-02T15:00:02.871Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2026-01-20T20:48:47.976Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aquaplatform:revive_adserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AA08D1C-3638-4E0D-AC58-A8527E77536F", "versionEndIncluding": "6.0.4", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has reported a reflected XSS vulnerability in the afr.php delivery script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent to the browser and malicious scripts would be executed."}], "id": "CVE-2026-21664", "lastModified": "2026-02-03T21:04:36.013", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2026-01-20T21:16:07.223", "references": [{"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/3468169"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T04:42:28.911678+00:00", "value": {"mitigation_remediation": ["Update Revive Adserver to the latest version once a security patch addressing the afr.php XSS issue is released.", "Limit access to the afr.php endpoint by configuring authentication checks or disabling the script for non\u2011admin users until a fix is available.", "Implement input sanitization or a web application firewall to block reflected XSS payloads reaching the afr.php script.", "Enforce strong administrator credentials and enable multi\u2011factor authentication to reduce the impact of potential exploitation."], "summary": {"action": "Apply Patch", "impact": "Reflected Cross\u2011Site Scripting (XSS) Vulnerability"}, "threat_synthesis": {"affected_systems": "Revive Adserver supplied by Revive. No specific affected versions are listed in the CVE data, so all deployed installations of Revive Adserver may be at risk until a vendor patch is released.", "description_and_impact": "A reflected XSS flaw exists in the afr.php delivery script used by Revive Adserver. When an attacker crafts a URL containing malicious HTML content in a parameter, a logged\u2011in administrator who visits that URL will have the payload rendered by their browser, enabling the execution of arbitrary scripts in the context of the administrator account. Because the attack requires the target to be authenticated, successful exploitation can lead to session hijacking, credential theft, or further lateral movement within the system.", "risk_and_exploitability": "The flaw carries a moderate severity CVSS score of 6.1. The EPSS score is reported at less than 1%, indicating low but non\u2011zero likelihood of exploitation. The vulnerability is not currently listed in the CISA KEV catalog. The attacker must be a logged\u2011in administrator, and the threat vector is inferred to be a web\u2011based attack via a crafted URL. Given the moderate score and low exploitation probability, the risk is moderate but the potential impact on confidentiality and integrity is significant if an administrator is compromised."}}}}, "created": "2026-01-21T11:18:44.507318+00:00", "title": "Reflected Cross\u2011Site Scripting in Revive Adserver afr.php Delivery Script", "updated": "2026-04-18T04:45:36.866310+00:00", "vendors": ["revive", "revive$PRODUCT$adserver"]}