CVE-2025-50891

CVSS 7.2 HIGHEPSS 0.4%CWE-77 CWE-79

The server-side backend for Adform Site Tracking before 2025-08-28 allows attackers to inject HTML or execute arbitrary code via cookie hijacking. NOTE: a customer does not need to take any action to update locally installed software (such as Adform Site Tracking 1.1).

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Produtos afetados

Adform · server-side backend for Site Tracking

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/nikolas-ch/CVEs/blob/main/AdformTracking_ReflectedXSS/AdformTracking_ReflectedXSS.txt https://github.com/nikolas-ch/CVEs/tree/main/AdformTracking_ReflectedXSS https://www.adformhelp.com/hc/en-us/categories/9738364537233-Adform-Site-Tracking