Lucene search
K

710 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:22 a.m.7 views

CVE-2021-22873

Revive Adserver before 5.1.0 is vulnerable to open redirects via the dest, oadest, and/or ct0 parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third...

6.1CVSS6.7AI score0.66141EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:22 a.m.11 views

CVE-2021-22875

Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the setPerPage parameter...

6.1CVSS5.9AI score0.22064EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:21 a.m.13 views

CVE-2021-22871

Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting XSS vulnerability...

4.8CVSS5.8AI score0.02123EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.8 views

CVE-2021-22888

Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the status parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScri...

6.1CVSS6AI score0.19811EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.4 views

CVE-2021-22948

Vulnerability in the generation of session IDs in revive-adserver 5.3.0, based on the cryptographically insecure uniqid PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account...

7.1CVSS6.8AI score0.02627EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.21 views

CVE-2021-22872

Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting XSS vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers e.g., IE10 that do not automatically URL encode...

6.1CVSS5.5AI score0.07055EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:19 a.m.4 views

CVE-2021-22889

Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the statsBreakdown parameter of stats.php and possibly other scripts due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking...

6.1CVSS6.5AI score0.3633EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:19 a.m.3 views

CVE-2021-22874

Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the periodpreset parameter...

6.1CVSS6.3AI score0.22064EPSS
Exploits2References1
Hacker One
Hacker One
added 2025/12/20 7:8 p.m.12 views

Revive Adserver: [revive-adserver] Reflected XSS in Banner Delivery Options via cap parameter

Vulnerability description not provided...

6.1CVSS6.8AI score0.00163EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/18 11:36 p.m.4 views

CVE-2023-53931

Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...

6.1CVSS6.1AI score0.02256EPSS
Exploits1References1
Hacker One
Hacker One
added 2025/12/18 6:43 p.m.14 views

Revive Adserver: Reflected XSS in banner-acl.php and channel-acl.php via executionorder

Vulnerability description not provided...

6.1CVSS6.8AI score0.00163EPSS
Exploits0
EUVD
EUVD
added 2025/12/18 12:34 a.m.6 views

EUVD-2023-60200

Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...

5.4CVSS5.6AI score0.02256EPSS
Exploits1References4
NVD
NVD
added 2025/12/17 11:15 p.m.8 views

CVE-2023-53931

Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...

6.1CVSS0.02256EPSS
Exploits1References3
OSV
OSV
added 2025/12/17 10:44 p.m.4 views

CVE-2023-53931 Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings

Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...

5.1CVSS6AI score0.02256EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/17 10:44 p.m.2 views

CVE-2023-53931 Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings

Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...

6.1CVSS5.7AI score0.02256EPSS
Exploits1References3
CVE
CVE
added 2025/12/17 10:44 p.m.11 views

CVE-2023-53931

Revive Adserver 5.4.1 is affected by a cross-site scripting (XSS) vulnerability in the banner-advanced.php endpoint. The issue arises from unsanitized input passed via the prepend and append parameters, enabling an attacker to inject and execute arbitrary JavaScript when an administrator views th...

6.1CVSS5.7AI score0.02256EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/12/17 10:44 p.m.22 views

CVE-2023-53931 Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings

Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...

6.1CVSS0.02256EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.5 views

Revive Adserver 跨站脚本漏洞

Revive Adserver is an open source ad management system by Revive Adserver team. The system provides ad placement, ad space management, statistics and other functions. A cross-site scripting vulnerability exists in Revive Adserver version 5.4.1, which stems from the presence of cross-site scriptin...

6.1CVSS6.2AI score0.02256EPSS
Exploits1References4
Hacker One
Hacker One
added 2025/12/16 10:10 p.m.13 views

Revive Adserver: Reflected XSS in afr.php

Vulnerability description not provided...

6.1CVSS6.8AI score0.00163EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/09 6:29 p.m.8 views

CVE-2025-55129

HackerOne community member Kassem S.kassems94 has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several alternate techniques. Homoglyphs based impersonation has been independently reported by other HackerOne...

5.4CVSS7AI score0.00223EPSS
Exploits1References1
Rows per page
Query Builder