7 matches found
Revive Adserver <=5.0.3 - Cross-Site Scripting
Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php...
CVE-2020-8115
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver = 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older version...
CVE-2020-8115
creationtimestamp| type| source ---|---|--- 2025-02-05 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-02-05 2026-06-23 14:06:20+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/757cedff-80db-453e-831d-304a90718978...
CVE-2021-22872
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting XSS vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers e.g., IE10 that do not automatically URL encode...
Cross site scripting
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting XSS vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers e.g., IE10 that do not automatically URL encode...
CVE-2021-22872
Revive Adserver
CVE-2020-8115
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver = 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older version...