Lucene search
K

15 matches found

NVD
NVD
added 2026/06/26 2:16 a.m.7 views

CVE-2026-50740

A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks...

6.1CVSS0.00222EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/26 1:11 a.m.9 views

EUVD-2026-39604

A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks...

6.1CVSS6.3AI score0.00222EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52648

Name of the Vulnerable Software and Affected Versions Revive Adserver versions prior to 6.0.8 Description Insufficient sanitization of user input in the 'zone-include.php' script allows a low-privileged user to execute reflected Cross-Site Scripting XSS attacks. This occurs through the refresh...

6.1CVSS6.5AI score0.00222EPSS
Exploits1References11
NVD
NVD
added 2026/06/23 5:16 p.m.6 views

CVE-2026-34915

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the...

6.1CVSS0.00217EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 5:16 p.m.7 views

CVE-2026-34914

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script a...

8.3CVSS0.00298EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:14 p.m.5 views

EUVD-2026-38501

A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API allows a low‑privileged user could link their zones to banners or campaigns owned by other managers on the same instance, resulting i...

4.3CVSS5.8AI score0.00235EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 4:14 p.m.23 views

CVE-2026-34915

CVE-2026-34915 affects Revive Adserver 6.0.6 and earlier due to missing sanitisation in zone-include.php, enabling a low-privileged attacker to exploit the clientid parameter to perform blind SQL injection. The public sources confirm input validation improvements were implemented to ensure all pa...

6.1CVSS6.1AI score0.00217EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 4:14 p.m.22 views

CVE-2026-34914

This CVE is confirmed: Revive Adserver

8.3CVSS6.6AI score0.00298EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:14 p.m.6 views

EUVD-2026-38506

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script a...

8.3CVSS6.6AI score0.00298EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 4:14 p.m.34 views

CVE-2026-34914

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script a...

8.3CVSS0.00298EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:14 p.m.10 views

EUVD-2026-38499

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the...

6.1CVSS6.2AI score0.00217EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 4:14 p.m.33 views

CVE-2026-34915

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the...

6.1CVSS0.00217EPSS
Exploits1References1
Hacker One
Hacker One
added 2026/06/03 10:27 p.m.7 views

Revive Adserver: Reflected XSS via unsanitised refresh parameter in zone invocation tag

A missing sanitization of user input in the zone-include.php script of Revive Adserver 6.0.7 and earlier was reported. This vulnerability allowed a low-privileged user to perform reflected XSS attacks by exploiting the refresh parameter of the iFrame invocation tag...

6.1CVSS5.8AI score0.00222EPSS
Exploits1
Hacker One
Hacker One
added 2026/04/06 4:1 p.m.18 views

Revive Adserver: Reflected XSS via clientid parameter in zone‑include.php

Vulnerability description not provided...

6.1CVSS5.8AI score0.00217EPSS
Exploits1
Hacker One
Hacker One
added 2026/04/06 2:47 p.m.14 views

Revive Adserver: Blind SQL injection via clientid parameter in zone‑include.php

Vulnerability description not provided...

8.3CVSS5.8AI score0.00298EPSS
Exploits1
Rows per page
Query Builder