Lucene search
K
AquaplatformRevive Adserver

9 matches found

CVE
CVE
added 2025/12/02 1:42 a.m.26 views

CVE-2025-55129

CVE-2025-55129 affects Revive Adserver and concerns username handling in user registration/creation. The issue allows impersonation via visual homoglyphs and alternate techniques after the fix for CVE-2025-52672, based on multiple reports (e.g., homoglyphs, RTL overrides, Cyrillic homographs). Co...

5.4CVSS5.7AI score0.00223EPSS
CVE
CVE
added 2025/11/20 7:6 p.m.17 views

CVE-2025-55128

The CVE-2025-55128 entry concerns Revive Adserver and a vulnerability in userlog-index.php where an attacker with admin access can send an extremely large setPerPage value, causing uncontrolled resource consumption and potential DoS. The tied HackerOne report explains that the pagination paramete...

6.5CVSS6.4AI score0.00346EPSS
CVE
CVE
added 2026/01/20 8:48 p.m.14 views

CVE-2026-21640

The CVE-2026-21640 entry describes an INI format-string injection in Revive Adserver settings that can crash the admin console with a fatal PHP error when certain character sequences are used. The issue is reported for Revive Adserver (with a referenced 6.0.4 context in the HackerOne report). Roo...

2.7CVSS5.5AI score0.0021EPSS
CVE
CVE
added 2026/01/20 8:48 p.m.14 views

CVE-2026-21641

Revive Adserver CVE-2026-21641 is an authorization bypass in the tracker-delete.php script. Reported by HackerOne, the issue allows users with delete-tracker permissions to delete trackers owned by other accounts. Verified across multiple sources (NVD, RH, CIRCL, CVE List, EUVD, AttackeRKB, etc.)...

7.1CVSS5.5AI score0.00227EPSS
CVE
CVE
added 2026/01/20 8:48 p.m.14 views

CVE-2026-21642

Revive Adserver is affected by CVE-2026-21642: a reflected XSS in banner-acl.php and channel-acl.php. An attacker can craft a URL containing an HTML payload; if a logged-in administrator visits the URL, the payload may be reflected to the browser and execute scripts. The available documents (NVD,...

6.1CVSS5.5AI score0.00163EPSS
CVE
CVE
added 2026/01/20 8:48 p.m.14 views

CVE-2026-21664

CVE-2026-21664 is a reported reflected XSS vulnerability affecting Revive Adserver’s afr.php delivery script. A crafted URL containing HTML payload parameters can cause an administrator visiting the link to have malicious scripts executed in the browser. The available sources consistently describ...

6.1CVSS5.5AI score0.00163EPSS
CVE
CVE
added 2025/11/20 7:7 p.m.13 views

CVE-2025-55126

Revive Adserver is affected by a stored XSS in the navigation/advertiser pages where campaign names are stored and later rendered without escaping. The vulnerability is exploitable by a low-privilege authenticated user who can store HTML/JS in campaign names via the admin Inventory → Banners adve...

6.5CVSS5.8AI score0.0018EPSS
CVE
CVE
added 2025/11/20 7:7 p.m.13 views

CVE-2025-55127

Affected software: Revive Adserver. Vulnerability: Improper neutralization/validation of whitespace in usernames, allowing leading or trailing spaces. The UI does not visually distinguish such usernames from legitimate ones, per the HackerOne report and related sources. Root cause (as stated): Us...

5.4CVSS6.5AI score0.00215EPSS
CVE
CVE
added 2026/01/20 8:48 p.m.10 views

CVE-2026-21663

CVE-2026-21663 is a reflected XSS vulnerability in Revive Adserver’s banner-acl.php script. An attacker can craft a URL with an HTML payload in a parameter (e.g., cap) that, when visited by a logged-in administrator, causes the payload to execute in the administrator’s browser. Multiple sources (...

6.1CVSS5.5AI score0.00163EPSS