Revive Adserver prior to 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.
revive-adserver revive adserver