CVE-2020-8115 (GCVE-0-2020-8115)

Vulnerability from cvelistv5 – Published: 2020-02-04 19:08 – Updated: 2024-08-04 09:48
Summary
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim.
CWE
  • CWE-79 - Cross-site Scripting (XSS) - Reflected (CWE-79)
Assigner
References
Impacted products
Vendor Product Version
n/a https://github.com/revive-adserver/revive-adserver Affected: Fixed version v5.0.4
Shadowserver
Known Exploited Vulnerability - GCVE BCP-07 Compliant

Vulnerability ID: CVE-2020-8115

Status: Confirmed

Status Updated: 2026-06-30 00:00 UTC

Exploited: Yes


Characteristics
Severity: 61.0

Timestamps
First Seen: 2023-10-23
Asserted: 2023-10-23
Last Seen: 2026-06-30

Scope
Asset Exposure: ['internet-facing']
Notes: Affected: Revive / Revive Adserver | Class: other-software | Severity: Medium (CVSS 6.1) | IoT: no | In CISA KEV: no | Honeypot connections on 2026-06-30: 1

Evidence

Type: Honeypot

Signal: In The Wild Attempts

Confidence: 70%

Source: shadowserver


Details
1D 1
Iot no
Feed Shadowserver Foundation honeypot/exploited-vulnerabilities
Type http-scan
Class other-software
7D Avg 0
Vendor Revive
30D Avg 0
90D Avg 0
Product Revive Adserver
Cisa Kev no
Connections 1
Observation Date 2026-06-30
Vulnerability Class CVSS
Vulnerability Score 6.1
Vulnerability Severity Medium

References

Created: 2026-06-30 09:23 UTC | Updated: 2026-07-01 05:21 UTC
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant

Vulnerability ID: CVE-2020-8115

Status: Confirmed

Status Updated: 2020-02-04 19:08 UTC

Exploited: Yes


Timestamps
First Seen: 2020-02-04
Asserted: 2020-02-04

Scope
Notes: KEVIntel entry: A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo... | Affected: n/a / https://github.com/revive-adserver/revive-adserver | Used in malware: unknown | Not yet in CISA KEV: True

Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel


Details
Feed KEVIntel (kevintel.com)
Title A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo...
Vendor n/a
Product https://github.com/revive-adserver/revive-adserver
Added Date 2020-02-04T19:08:57.000Z
Cvss Score None
Epss Score None
Cvss Severity None
Epss Percentile None
Used In Malware unknown
Ahead Of Cisa Kev None
Not Yet In Cisa Kev True

References

Created: 2026-06-23 14:06 UTC | Updated: 2026-06-23 14:06 UTC
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:48:25.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/775693"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.revive-adserver.com/security/revive-sa-2020-001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/revive-adserver/revive-adserver",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed version v5.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver \u003c= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site Scripting (XSS) - Reflected (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-04T19:08:57.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/775693"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.revive-adserver.com/security/revive-sa-2020-001/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8115",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "https://github.com/revive-adserver/revive-adserver",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed version v5.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver \u003c= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - Reflected (CWE-79)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hackerone.com/reports/775693",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/775693"
            },
            {
              "name": "https://www.revive-adserver.com/security/revive-sa-2020-001/",
              "refsource": "MISC",
              "url": "https://www.revive-adserver.com/security/revive-sa-2020-001/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8115",
    "datePublished": "2020-02-04T19:08:57.000Z",
    "dateReserved": "2020-01-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:48:25.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-8115",
      "date": "2026-06-30",
      "epss": "0.07055",
      "percentile": "0.93402"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.0.3\", \"matchCriteriaId\": \"76B2099E-A9EA-4106-B234-460E5A9F43D6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver \u003c= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim.\"}, {\"lang\": \"es\", \"value\": \"Se ha detectado una vulnerabilidad de tipo XSS reflejado en el script de entrega afr.php de acceso p\\u00fablico de Revive Adserver versiones anteriores e incluyendo a la 5.0.3 de Jacopo Tediosi. Actualmente no existen explotaciones conocidas: el identificador de sesi\\u00f3n no puede ser accedido ya que est\\u00e1 almacenado en una cookie solo http a partir de la versi\\u00f3n v3.2.2. Sin embargo, en versiones anteriores, en circunstancias espec\\u00edficas, podr\\u00eda ser posible robar el identificador de sesi\\u00f3n y conseguir acceso a la interfaz de administraci\\u00f3n. La cadena de consulta enviada en el script www/delivery/afr.php fue impresa sin escapar apropiadamente en un contexto JavaScript, permitiendo a un atacante ejecutar c\\u00f3digo JS arbitrario en el navegador de la v\\u00edctima.\"}]",
      "id": "CVE-2020-8115",
      "lastModified": "2024-11-21T05:38:19.463",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-02-04T20:15:13.213",
      "references": "[{\"url\": \"https://hackerone.com/reports/775693\", \"source\": \"support@hackerone.com\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.revive-adserver.com/security/revive-sa-2020-001/\", \"source\": \"support@hackerone.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://hackerone.com/reports/775693\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.revive-adserver.com/security/revive-sa-2020-001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "support@hackerone.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-8115\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2020-02-04T20:15:13.213\",\"lastModified\":\"2024-11-21T05:38:19.463\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver \u003c= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado una vulnerabilidad de tipo XSS reflejado en el script de entrega afr.php de acceso p\u00fablico de Revive Adserver versiones anteriores e incluyendo a la 5.0.3 de Jacopo Tediosi. Actualmente no existen explotaciones conocidas: el identificador de sesi\u00f3n no puede ser accedido ya que est\u00e1 almacenado en una cookie solo http a partir de la versi\u00f3n v3.2.2. Sin embargo, en versiones anteriores, en circunstancias espec\u00edficas, podr\u00eda ser posible robar el identificador de sesi\u00f3n y conseguir acceso a la interfaz de administraci\u00f3n. La cadena de consulta enviada en el script www/delivery/afr.php fue impresa sin escapar apropiadamente en un contexto JavaScript, permitiendo a un atacante ejecutar c\u00f3digo JS arbitrario en el navegador de la v\u00edctima.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.0.3\",\"matchCriteriaId\":\"76B2099E-A9EA-4106-B234-460E5A9F43D6\"}]}]}],\"references\":[{\"url\":\"https://hackerone.com/reports/775693\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.revive-adserver.com/security/revive-sa-2020-001/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/775693\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.revive-adserver.com/security/revive-sa-2020-001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…