CVE-2021-22948 - AskarLabs CVE Database

CVE-2021-22948

Vendor N/A

Product https://github.com/revive-adserver/revive-adserver

Weakness CWE-79 · XSS

Published September 23, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account.

Key dates

02Disclosure timeline

September 23, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-22948 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-13597 XSS in iKSORIS CVE-2024-2284 boyiddha Automated-Mess-Management-System Chat Book chat.php cross site scripting CVE-2022-38209 Reflected XSS vulnerability in Portal for ArcGIS CVE-2026-39500 WordPress themesflat-addons-for-elementor plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability CVE-2024-7100 Bold Page Builder <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode