Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
revive-adserver revive adserver vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2016-9128
Revive Adserver prior to 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an malicious user to steal the session ID of an authenticated user, by tricking them into visiting...
Revive-adserver Revive Adserver
5.3
CVSSv3
CVE-2016-9129
Revive Adserver prior to 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery...
Revive-adserver Revive Adserver
5.4
CVSSv3
CVE-2016-9130
Revive Adserver prior to 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script.
Revive-adserver Revive Adserver
5.4
CVSSv3
CVE-2019-5433
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This...
Revive-adserver Revive Adserver
8.1
CVSSv3
CVE-2019-5440
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecove...
Revive-adserver Revive Adserver
4.8
CVSSv3
CVE-2021-22871
Revive Adserver prior to 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulne...
Revive-adserver Revive Adserver
6.1
CVSSv3
CVE-2021-22872
Revive Adserver prior to 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not au...
Revive-adserver Revive Adserver
6.1
CVSSv3
CVE-2021-22873
Revive Adserver prior to 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when deliv...
Revive-adserver Revive Adserver
1 Github repository
6.1
CVSSv3
CVE-2021-22874
Revive Adserver prior to 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.
Revive-adserver Revive Adserver
6.1
CVSSv3
CVE-2021-22875
Revive Adserver prior to 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.
Revive-adserver Revive Adserver
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »