Vulnerabilities > Revive Adserver
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-17 | CVE-2023-38040 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.. | 6.1 |
| 2021-09-23 | CVE-2021-22948 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Revive-Adserver Revive Adserver Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. | 7.1 |
| 2021-03-25 | CVE-2021-22889 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. | 4.3 |
| 2021-03-25 | CVE-2021-22888 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. | 4.3 |
| 2021-01-28 | CVE-2021-22875 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter. | 4.3 |
| 2021-01-28 | CVE-2021-22874 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter. | 4.3 |
| 2021-01-26 | CVE-2021-22873 | Open Redirect vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. | 5.8 |
| 2021-01-26 | CVE-2021-22872 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. | 4.3 |
| 2021-01-26 | CVE-2021-22871 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability. | 3.5 |
| 2020-04-03 | CVE-2020-8143 | Open Redirect vulnerability in Revive-Adserver Revive Adserver An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. | 5.8 |