Ad Inserter - Reflected cross-site scripting (XSS)
Severity pending
Summary
Full name
Ad Inserter - Ad Manager and AdSense Ads 2.8.0 - Reflected cross-site scripting (XSS)
Code name
State
Public
Release date
5 Mar 2024
Affected product
Ad Inserter - Ad Manager and AdSense Ads
Affected version(s)
Version 2.8.0
Vulnerability name
Reflected cross-site scripting (XSS)
Vulnerability type
Remotely exploitable
No
CVSS v4.0 vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:U
Exploit available
No
CVE ID(s)
Description
Ad Inserter - Ad Manager and AdSense Ads 2.8.0 was found to be vulnerable to reflected cross-site scripting (XSS). In myapp/includes/dst/dst.php, the web application dynamically generates web content from potentially untrusted data without validating its source.
Vulnerability
Skims by Fluid Attacks discovered a reflected cross-site scripting (XSS) vulnerability in Ad Inserter - Ad Manager and AdSense Ads 2.8.0. The following is the output of the tool:
Skims output
Our security policy
We have reserved the ID CVE-2025-22623 to refer to this issue from now on.
System Information
Version: Ad Inserter - Ad Manager and AdSense Ads 2.8.0
Mitigation
The vendor released version 2.8.1, which fixes this vulnerability.
Timeline
Generative AI
6 Dec 2024
Vendor Confirmed Vuln.
12 Feb 2025
Vulnerability patched
3 Mar 2025
Vendor contacted
11 Feb 2025
Vendor replied
12 Feb 2025
Public disclosure
5 Mar 2025