15 matches found
CVE-2020-8142
A security restriction bypass vulnerability has been discovered in Revive Adserver version
CVE-2020-8143
An Open Redirect vulnerability was discovered in Revive Adserver version
CVE-2020-8115
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver
CVE-2021-22873
Revive Adserver before 5.1.0 is vulnerable to open redirects via the dest, oadest, and/or ct0 parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third p...
CVE-2015-7364
The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token.
CVE-2021-22888
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the status parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript...
CVE-2015-7366
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) chan...
CVE-2013-5954
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/ba...
CVE-2023-38040
A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions..
CVE-2021-22872
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encod...
CVE-2021-22889
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the statsBreakdown parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking...
CVE-2014-9407
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) u...
CVE-2017-5833
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2021-22875
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the setPerPage parameter.
CVE-2021-22874
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the period_preset parameter.