12 matches found
CVE-2026-21664
HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has reported a reflected XSS vulnerability in the afr.php delivery script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent ...
CVE-2021-22872
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode...
Revive Adserver: Reflected XSS in afr.php
Vulnerability description not provided...
Hitachi Energy AFS, AFR and AFF Series
RISK EVALUATION Successful exploitation of this vulnerability could compromise the integrity of the product data and disrupt its availability. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
EUVD-2025-139090
Malicious code in nuyar-id-afr npm...
Malicious code in nuyar-id-afr (npm)
Source: amazon-inspector 89a2f0924e927313f50ceb1db710bc07a16ec0dfacc4b65a9f3b0f5060720be9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
VulnCheck KEV: CVE-2020-8115
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older...
Cisco Unified Communications Manager IM & Presence File Read Vulnerability (cisco-sa-cucm-imp-afr-YBFLNyzd)
The version of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) installed on the remote host is prior to 14SU2. It is, therefore, affected by a file read vulnerability. Due to insufficient file permissions, an authenticated remote attacker could read arbitrary files on t...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
CVE-2009-0229-PoC PoC for CVE-2009-0229 "Print Spooler Read Fi...
Flussonic Media Server 4.1.25 - 4.3.3 - Arbitrary File Disclosure Vulnerability
Exploit for aix platform in category dos / poc Document Title: ============ Flussonic Media Server 4.3.3 Multiple Vulnerabilities Release Date: =========== June 29, 2014 Product & Service Introduction: ======================== Flussonic is a multi-protocol streaming server with support for many...