
709 matches found

Nuclei
added yesterday, 30 views

Revive Adserver 5.4.1 - Cross-Site Scripting

A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.

id: CVE-2023-38040
info:
  name: Revive Adserver 5.4.1 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions...

CVSS 6.1 | AI score 6.4 | EPSS 0.01983
Exploits: 1 | References: 2

Nuclei
added yesterday, 60 views

Revive Adserver <5.1.0 - Open Redirect

Revive Adserver before 5.1.0 contains an open redirect vulnerability via the dest, oadest, and ct0 parameters of the lg.php and ck.php delivery scripts. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized...

CVSS 6.1 | AI score 6.3 | EPSS 0.66141
Exploits: 3 | References: 5

Nuclei
added yesterday, 38 views

Revive Adserver <=5.0.3 - Cross-Site Scripting

Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php...

CVSS 6.1 | AI score 6.6 | EPSS 0.07055
Exploits: 1 | References: 5

Nuclei
added yesterday, 448 views

Revive Adserver 4.2 - Remote Code Execution

Revive Adserver 4.2 is susceptible to remote code execution. An attacker can send a crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. This can be exploited to perform various types of attacks, e.g...

CVSS 9.8 | AI score 7.5 | EPSS 0.57022
Exploits: 7 | References: 5

NVD
added 2026/06/26 2:16 a.m., 9 views

CVE-2026-50744

A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked...

CVSS 4.3 | EPSS 0.00173
Exploits: 0 | References: 1

NVD
added 2026/06/26 2:16 a.m., 7 views

CVE-2026-50740

A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks...

CVSS 6.1 | EPSS 0.00222
Exploits: 0 | References: 1

NVD
added 2026/06/26 2:16 a.m., 10 views

CVE-2026-50739

A bypass for CVE‑2026‑34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the tracker-campaigns.php script in Revive Adserver 6.0.7 and earlier. As a result, a low‑privileged user could link their trackers to...

CVSS 4.3 | EPSS 0.00287
Exploits: 0 | References: 1

NVD
added 2026/06/26 2:16 a.m., 9 views

CVE-2026-50742

A stored XSS vulnerability exists in the maintenance-acl-check.php and maintenance-banners-check.php tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an...

CVSS 5.4 | EPSS 0.00199
Exploits: 0 | References: 1

EUVD
added 2026/06/26 1:11 a.m., 8 views

EUVD-2026-39604

A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks...

CVSS 6.1 | AI score 6.3 | EPSS 0.00222
Exploits: 0 | References: 1

CVE
added 2026/06/26 1:11 a.m., 13 views

CVE-2026-50739

Revive Adserver 6.0.7 and earlier expose a bypass of ownership validation in the reverse operation that links campaigns and trackers via tracker-campaigns.php. A low-privilege user could link their trackers to campaigns owned by other managers on the same instance, causing inconsistent ownership ...

CVSS 4.3 | AI score 5.8 | EPSS 0.00287
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/06/26 1:11 a.m., 10 views

EUVD-2026-39601

A bypass for CVE‑2026‑34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the tracker-campaigns.php script in Revive Adserver 6.0.7 and earlier. As a result, a low‑privileged user could link their trackers to...

CVSS 4.3 | AI score 5.8 | EPSS 0.00287
Exploits: 1 | References: 1

Cvelist
added 2026/06/26 1:11 a.m., 36 views

CVE-2026-50742

A stored XSS vulnerability exists in the maintenance-acl-check.php and maintenance-banners-check.php tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an...

CVSS 4.4 | EPSS 0.00199
Exploits: 0 | References: 1

CVE
added 2026/06/26 1:11 a.m., 9 views

CVE-2026-50742

CVE-2026-50742 describes a stored XSS in Revive Adserver 6.0.7, occurring in the maintenance tools, specifically in the files maintenance-acl-check.php and maintenance-banners-check.php. The root cause is that entity names are displayed without proper escaping when inconsistencies are detected, ...

CVSS 5.4 | AI score 5.8 | EPSS 0.00199
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/06/26 1:11 a.m., 36 views

CVE-2026-50744

A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked...

CVSS 4.3 | EPSS 0.00173
Exploits: 0 | References: 1

EUVD
added 2026/06/26 1:11 a.m., 9 views

EUVD-2026-39600

A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked...

CVSS 4.3 | AI score 5.8 | EPSS 0.00173
Exploits: 0 | References: 1

EUVD
added 2026/06/26 1:11 a.m., 7 views

EUVD-2026-39603

A stored XSS vulnerability exists in the maintenance-acl-check.php and maintenance-banners-check.php tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an...

CVSS 4.4 | AI score 5.8 | EPSS 0.00199
Exploits: 0 | References: 1

CVE
added 2026/06/26 1:11 a.m., 8 views

CVE-2026-50744

Revive Adserver 6.0.7 is affected by a bypass of the admin‑only restriction in the XML‑RPC API. The ox.login method returned a session ID cookie in HTTP headers and, although it reported an error, the session was not invalidated, allowing a leaked session ID to be reused for subsequent API calls ...

CVSS 4.3 | AI score 5.9 | EPSS 0.00173
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/06/26 1:11 a.m., 36 views

CVE-2026-50739

A bypass for CVE‑2026‑34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the tracker-campaigns.php script in Revive Adserver 6.0.7 and earlier. As a result, a low‑privileged user could link their trackers to...

CVSS 4.3 | EPSS 0.00287
Exploits: 0 | References: 1

CVE
added 2026/06/26 1:11 a.m., 16 views

CVE-2026-50740

Affected software/issue: Revive Adserver

CVSS 6.1 | AI score 6.4 | EPSS 0.00222
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/06/26 12:0 a.m., 10 views

PT-2026-52648

Name of the Vulnerable Software and Affected Versions Revive Adserver versions prior to 6.0.8 Description Insufficient sanitization of user input in the 'zone-include.php' script allows a low-privileged user to execute reflected Cross-Site Scripting XSS attacks. This occurs through the refresh...

CVSS 6.1 | AI score 6.5 | EPSS 0.00222
Exploits: 0 | References: 7