9 matches found
CVE-2025-55129
CVE-2025-55129 affects Revive Adserver and concerns username handling in user registration/creation. The issue allows impersonation via visual homoglyphs and alternate techniques after the fix for CVE-2025-52672, based on multiple reports (e.g., homoglyphs, RTL overrides, Cyrillic homographs). Co...
CVE-2025-55128
The CVE-2025-55128 entry concerns Revive Adserver and a vulnerability in userlog-index.php where an attacker with admin access can send an extremely large setPerPage value, causing uncontrolled resource consumption and potential DoS. The tied HackerOne report explains that the pagination paramete...
CVE-2026-21640
The CVE-2026-21640 entry describes an INI format-string injection in Revive Adserver settings that can crash the admin console with a fatal PHP error when certain character sequences are used. The issue is reported for Revive Adserver (with a referenced 6.0.4 context in the HackerOne report). Roo...
CVE-2026-21641
Revive Adserver CVE-2026-21641 is an authorization bypass in the tracker-delete.php script. Reported by HackerOne, the issue allows users with delete-tracker permissions to delete trackers owned by other accounts. Verified across multiple sources (NVD, RH, CIRCL, CVE List, EUVD, AttackeRKB, etc.)...
CVE-2026-21642
Revive Adserver is affected by CVE-2026-21642: a reflected XSS in banner-acl.php and channel-acl.php. An attacker can craft a URL containing an HTML payload; if a logged-in administrator visits the URL, the payload may be reflected to the browser and execute scripts. The available documents (NVD,...
CVE-2026-21664
CVE-2026-21664 is a reported reflected XSS vulnerability affecting Revive Adserver’s afr.php delivery script. A crafted URL containing HTML payload parameters can cause an administrator visiting the link to have malicious scripts executed in the browser. The available sources consistently describ...
CVE-2025-55126
Revive Adserver is affected by a stored XSS in the navigation/advertiser pages where campaign names are stored and later rendered without escaping. The vulnerability is exploitable by a low-privilege authenticated user who can store HTML/JS in campaign names via the admin Inventory → Banners adve...
CVE-2025-55127
Affected software: Revive Adserver. Vulnerability: Improper neutralization/validation of whitespace in usernames, allowing leading or trailing spaces. The UI does not visually distinguish such usernames from legitimate ones, per the HackerOne report and related sources. Root cause (as stated): Us...
CVE-2026-21663
CVE-2026-21663 is a reflected XSS vulnerability in Revive Adserver’s banner-acl.php script. An attacker can craft a URL with an HTML payload in a parameter (e.g., cap) that, when visited by a logged-in administrator, causes the payload to execute in the administrator’s browser. Multiple sources (...