Revive Adserver Security Vulnerabilities and Issues — Revive Adserver CVE List

Lucene search

Revive-adserverRevive Adserver

4 matches found

CVE•added 2014/12/19 3:59 p.m.•59 views

CVE-2014-8793

Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php.

4.3CVSS5.6AI score0.00445EPSS

CVE•added 2014/04/25 2:15 p.m.•37 views

CVE-2013-5954

Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/ba...

6.8CVSS7.3AI score0.05906EPSS

CVE•added 2014/12/19 3:59 p.m.•37 views

CVE-2014-8875

The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack.

5CVSS6.5AI score0.00734EPSS

CVE•added 2014/12/19 3:59 p.m.•35 views

CVE-2014-9407

Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) u...

6.8CVSS7.4AI score0.00116EPSS