CVE-2025-55126

{"id": "CVE-2025-55126", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "support@hackerone.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-11-20T19:16:18.880", "references": [{"url": "https://hackerone.com/reports/3411750", "tags": ["Exploit", "Issue Tracking"], "source": "support@hackerone.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "HackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS"}, {"lang": "es", "value": "El miembro de la comunidad de HackerOne, Dang Hung Vi (vidang04), ha reportado una vulnerabilidad de XSS almacenado que involucra el cuadro de navegaci\u00f3n en la parte superior de las p\u00e1ginas relacionadas con anunciantes, siendo los nombres de las campa\u00f1as el vector para el XSS almacenado."}], "lastModified": "2026-01-14T21:16:56.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aquaplatform:revive_adserver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CF3AE99-F6AB-419A-BB38-D1CDE5B195D2", "versionEndExcluding": "6.0.3", "versionStartIncluding": "6.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}