710 matches found
CVE-2021-22873
Revive Adserver before 5.1.0 is vulnerable to open redirects via the dest, oadest, and/or ct0 parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third...
CVE-2021-22875
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the setPerPage parameter...
CVE-2021-22871
Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting XSS vulnerability...
CVE-2021-22888
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the status parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScri...
CVE-2021-22948
Vulnerability in the generation of session IDs in revive-adserver 5.3.0, based on the cryptographically insecure uniqid PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account...
CVE-2021-22872
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting XSS vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers e.g., IE10 that do not automatically URL encode...
CVE-2021-22889
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the statsBreakdown parameter of stats.php and possibly other scripts due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking...
CVE-2021-22874
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the periodpreset parameter...
Revive Adserver: [revive-adserver] Reflected XSS in Banner Delivery Options via cap parameter
Vulnerability description not provided...
CVE-2023-53931
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...
Revive Adserver: Reflected XSS in banner-acl.php and channel-acl.php via executionorder
Vulnerability description not provided...
EUVD-2023-60200
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...
CVE-2023-53931
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...
CVE-2023-53931 Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...
CVE-2023-53931 Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...
CVE-2023-53931
Revive Adserver 5.4.1 is affected by a cross-site scripting (XSS) vulnerability in the banner-advanced.php endpoint. The issue arises from unsanitized input passed via the prepend and append parameters, enabling an attacker to inject and execute arbitrary JavaScript when an administrator views th...
CVE-2023-53931 Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...
Revive Adserver 跨站脚本漏洞
Revive Adserver is an open source ad management system by Revive Adserver team. The system provides ad placement, ad space management, statistics and other functions. A cross-site scripting vulnerability exists in Revive Adserver version 5.4.1, which stems from the presence of cross-site scriptin...
Revive Adserver: Reflected XSS in afr.php
Vulnerability description not provided...
CVE-2025-55129
HackerOne community member Kassem S.kassems94 has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several alternate techniques. Homoglyphs based impersonation has been independently reported by other HackerOne...