CVE-2025-50891
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-09-18
Assigner: MITRE
Description
Description
The server-side backend for Adform Site Tracking before 2025-08-28 allows attackers to inject HTML or execute arbitrary code via cookie hijacking. NOTE: a customer does not need to take any action to update locally installed software (such as Adform Site Tracking 1.1).
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adform | site_tracking | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Adform Site Tracking 1.1 allows attackers to inject HTML or execute arbitrary code by hijacking cookies. This means an attacker can manipulate the tracking system to run malicious scripts or alter content by exploiting the user's cookies.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized code execution or HTML injection, potentially compromising user data, enabling phishing attacks, or allowing attackers to manipulate website behavior, which can harm users and the integrity of the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70