CVE-2021-22873

Revive Adserver before 5.1.0 is vulnerable to open redirects via the dest, oadest, and/or ct0 parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third...

CVE-2021-22888

Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the status parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScri...

CVE-2025-52667

Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user...

EUVD-2016-10277

Malware in sbrugna...

EUVD-2021-10007

Malware in sbrugna...

EUVD-2016-9941

Malware in sbrugna...

CVE-2019-5433

A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another unsafe domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was...

CVE-2024-12461 WP-Revive Adserver <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpreviveasync' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2021-23381)

Revive Adserver is an open source ad server under the GNU General Public License license with an integrated banner management interface and a tracking system for collecting statistical information. A reflected cross-site scripting vulnerability exists in the statsBreakdown parameter in stats.php ...

Revive Adserver Input Validation Error Vulnerability (CNVD-2021-23389)

Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. An input validation error vulnerability exists in Revive Adserver versions prior to 5.1.0, which stems from an...

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2021-07540)

Revive Adserver is an open source ad server under the GNU General Public License license with an integrated banner management interface and a tracking system for collecting statistical information. A reflected cross-site scripting vulnerability exists in userlog-index.php in Revive Adserver...