Vulnerabilities > Revive Adserver > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-17 | CVE-2023-38040 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.. | 6.1 |
| 2021-03-25 | CVE-2021-22889 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. | 4.3 |
| 2021-03-25 | CVE-2021-22888 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. | 4.3 |
| 2021-01-28 | CVE-2021-22875 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter. | 4.3 |
| 2021-01-28 | CVE-2021-22874 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter. | 4.3 |
| 2021-01-26 | CVE-2021-22873 | Open Redirect vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. | 5.8 |
| 2021-01-26 | CVE-2021-22872 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. | 4.3 |
| 2020-04-03 | CVE-2020-8143 | Open Redirect vulnerability in Revive-Adserver Revive Adserver An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. | 5.8 |
| 2020-04-03 | CVE-2020-8142 | Incorrect Authorization vulnerability in Revive-Adserver Revive Adserver A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. | 4.6 |
| 2020-02-04 | CVE-2020-8115 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. | 4.3 |