Revive Adserver Security Vulnerabilities and Issues — Revive Adserver CVE List

Lucene search

Revive-adserverRevive Adserver

5 matches found

CVE•added 2021/01/26 6:16 p.m.•84 views

CVE-2021-22873

Revive Adserver before 5.1.0 is vulnerable to open redirects via the dest, oadest, and/or ct0 parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third p...

6.1CVSS6.1AI score0.68616EPSS

CVE•added 2021/01/26 6:16 p.m.•41 views

CVE-2021-22871

Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.

4.8CVSS4.9AI score0.01101EPSS

CVE•added 2021/01/26 6:16 p.m.•36 views

CVE-2021-22872

Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encod...

6.1CVSS5.8AI score0.57163EPSS

CVE•added 2021/01/28 5:15 p.m.•33 views

CVE-2021-22875

Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the setPerPage parameter.

6.1CVSS5.9AI score0.01089EPSS

CVE•added 2021/01/28 5:15 p.m.•31 views

CVE-2021-22874

Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the period_preset parameter.

6.1CVSS5.9AI score0.01089EPSS