Vulnerabilities > Revive Adserver

DATE CVE VULNERABILITY TITLE RISK
2023-09-17 CVE-2023-38040 Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver
A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions..
network
low complexity
revive-adserver CWE-79
6.1
2021-09-23 CVE-2021-22948 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Revive-Adserver Revive Adserver
Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function.
network
low complexity
revive-adserver CWE-338
7.1
2021-03-25 CVE-2021-22889 Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped.
4.3
2021-03-25 CVE-2021-22888 Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php.
4.3
2021-01-28 CVE-2021-22875 Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.
4.3
2021-01-28 CVE-2021-22874 Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.
4.3
2021-01-26 CVE-2021-22873 Open Redirect vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts.
5.8
2021-01-26 CVE-2021-22872 Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script.
4.3
2021-01-26 CVE-2021-22871 Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.
3.5
2020-04-03 CVE-2020-8143 Open Redirect vulnerability in Revive-Adserver Revive Adserver
An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144.
5.8