CVE-2023-53931 MEDIUM

CVE-2023-53931: Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings

Vendor Revive-Adserver
Product revive-adserver
Weakness CWE-79 · XSS
Published December 17, 2025
Last update April 7, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute arbitrary JavaScript when an admin views the page.

Key dates

02Disclosure timeline

December 17, 2025 CVE published
April 7, 2026 Record updated