Vulnerabilities > Revive Adserver

DATE CVE VULNERABILITY TITLE RISK
2021-03-25 CVE-2021-22889 Cross-Site Scripting vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped.
4.3
2021-03-25 CVE-2021-22888 Cross-Site Scripting vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php.
4.3
2021-01-28 CVE-2021-22875 Cross-Site Scripting vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.
4.3
2021-01-28 CVE-2021-22874 Cross-Site Scripting vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.
4.3
2021-01-26 CVE-2021-22873 Open Redirect vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts.
5.8
2021-01-26 CVE-2021-22872 Cross-Site Scripting vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script.
4.3
2021-01-26 CVE-2021-22871 Cross-Site Scripting vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.
3.5
2020-04-03 CVE-2020-8143 Open Redirect vulnerability in Revive-Adserver Revive Adserver
An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144.
5.8
2020-04-03 CVE-2020-8142 Incorrect Authorization vulnerability in Revive-Adserver Revive Adserver
A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144.
local
low complexity
revive-adserver CWE-863
4.6
2020-02-04 CVE-2020-8115 Cross-Site Scripting vulnerability in Revive-Adserver Revive Adserver
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi.
4.3