Lucene search
K

7 matches found

Nuclei
Nuclei
added yesterday53 views

Revive Adserver <=5.0.3 - Cross-Site Scripting

Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php...

6.1CVSS6.6AI score0.07055EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/22 5:13 p.m.9 views

CVE-2020-8115

A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver = 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older version...

6.1CVSS6.5AI score0.07055EPSS
Exploits1References1
Circl
Circl
added 2025/02/05 12:0 a.m.220 views

CVE-2020-8115

creationtimestamp| type| source ---|---|--- 2025-02-05 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-02-05 2026-06-23 14:06:20+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/757cedff-80db-453e-831d-304a90718978...

6.1CVSS6.4AI score0.07055EPSS
In wildExploits1References2
NVD
NVD
added 2021/01/26 6:16 p.m.12 views

CVE-2021-22872

Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting XSS vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers e.g., IE10 that do not automatically URL encode...

6.1CVSS5.9AI score0.03447EPSS
Exploits2References6
Prion
Prion
added 2021/01/26 6:16 p.m.18 views

Cross site scripting

Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting XSS vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers e.g., IE10 that do not automatically URL encode...

4.3CVSS5.9AI score0.07055EPSS
Exploits3References6Affected Software1
CVE
CVE
added 2021/01/21 7:15 p.m.53 views

CVE-2021-22872

Revive Adserver

6.1CVSS5.8AI score0.03447EPSS
Exploits2References6Affected Software1
Cvelist
Cvelist
added 2020/02/04 7:8 p.m.20 views

CVE-2020-8115

A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver = 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older version...

6.4AI score0.07055EPSS
Exploits1References2
Rows per page
Query Builder