Vendor CVEs
Revive Adserver
All CVEs
76 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9125 | Cri | 0.64 | 9.8 | 0.03 | Mar 28, 2017 | Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for… | ||
| CVE-2016-9124 | Cri | 0.64 | 9.8 | 0.02 | Mar 28, 2017 | Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to… | ||
| CVE-2017-5830 | Cri | 0.64 | 9.8 | 0.03 | Mar 3, 2017 | Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts. | ||
| CVE-2016-9470 | Cri | 0.59 | 9.0 | 0.02 | Mar 28, 2017 | Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually… | ||
| CVE-2016-9456 | Hig | 0.57 | 8.8 | 0.01 | Mar 28, 2017 | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed. | ||
| CVE-2016-9455 | Hig | 0.57 | 8.8 | 0.01 | Mar 28, 2017 | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`,… | ||
| CVE-2016-9127 | Hig | 0.57 | 8.8 | 0.01 | Mar 28, 2017 | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially… | ||
| CVE-2024-12461 | Med | 0.42 | 6.4 | 0.00 | Dec 12, 2024 | The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprevive_async' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… | ||
| CVE-2017-5833 | Med | 0.40 | 6.1 | 0.02 | Mar 3, 2017 | Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||
| CVE-2017-5831 | Med | 0.38 | 5.9 | 0.01 | Mar 3, 2017 | Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID. | ||
| CVE-2016-9472 | Med | 0.35 | 5.4 | 0.02 | Mar 28, 2017 | Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible… | ||
| CVE-2016-9457 | Med | 0.35 | 5.4 | 0.02 | Mar 28, 2017 | Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly… | ||
| CVE-2016-9454 | Med | 0.35 | 5.4 | 0.01 | Mar 28, 2017 | Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the… | ||
| CVE-2016-9130 | Med | 0.35 | 5.4 | 0.01 | Mar 28, 2017 | Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script. | ||
| CVE-2016-9129 | Med | 0.35 | 5.3 | 0.01 | Mar 28, 2017 | Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery… | ||
| CVE-2016-9128 | Med | 0.35 | 5.4 | 0.02 | Mar 28, 2017 | Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a… | ||
| CVE-2016-9126 | Med | 0.35 | 5.4 | 0.01 | Mar 28, 2017 | Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit… | ||
| CVE-2017-5832 | Med | 0.35 | 5.4 | 0.01 | Mar 3, 2017 | Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address. | ||
| CVE-2016-9471 | Low | 0.20 | 3.1 | 0.01 | Mar 28, 2017 | Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the… | ||
| CVE-2019-5434 | 0.10 | — | 0.57 | May 6, 2019 | An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related… | |||
| CVE-2021-22873 | 0.04 | — | 0.66 | Jan 21, 2021 | Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when… | |||
| CVE-2020-8115 | 0.04 | — | 0.07 | Feb 4, 2020 | A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of… | |||
| CVE-2021-22889 | 0.03 | — | 0.36 | Mar 25, 2021 | Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver… | |||
| CVE-2013-5954 | 0.03 | — | 0.03 | Apr 25, 2014 | Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3)… | |||
| CVE-2021-22888 | 0.02 | — | 0.20 | Mar 25, 2021 | Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and… | |||
| CVE-2021-22875 | 0.02 | — | 0.22 | Jan 28, 2021 | Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter. | |||
| CVE-2021-22874 | 0.02 | — | 0.22 | Jan 28, 2021 | Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter. | |||
| CVE-2023-38040 | 0.01 | — | 0.02 | Sep 17, 2023 | A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.. | |||
| CVE-2020-8143 | 0.01 | — | 0.70 | Apr 3, 2020 | An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the… | |||
| CVE-2026-34913 | 0.00 | — | 0.00 | Jun 23, 2026 | A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in… | |||
| CVE-2026-34916 | 0.00 | — | 0.00 | Jun 23, 2026 | A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during… | |||
| CVE-2026-34914 | 0.00 | — | 0.00 | Jun 23, 2026 | A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters… | |||
| CVE-2026-44958 | 0.00 | — | 0.00 | Jun 23, 2026 | An access control bypass allows an advertiser‑level user to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when such permissions were not granted. The banner-edit.php script allowed the banner status to be overwritten solely based on banner edit… | |||
| CVE-2026-44957 | 0.00 | — | 0.00 | Jun 23, 2026 | A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only… | |||
| CVE-2026-34912 | 0.00 | — | 0.00 | Jun 23, 2026 | A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API allows a low‑privileged user could link their zones to banners or campaigns owned by other managers on the same… | |||
| CVE-2026-44959 | 0.00 | — | 0.00 | Jun 23, 2026 | A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed… | |||
| CVE-2026-34915 | 0.00 | — | 0.00 | Jun 23, 2026 | A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all… | |||
| CVE-2026-21642 | 0.00 | — | 0.00 | Jan 20, 2026 | HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the `banner-acl.php` and `channel-acl.php` scripts of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator… | |||
| CVE-2026-21664 | 0.00 | — | 0.00 | Jan 20, 2026 | HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has reported a reflected XSS vulnerability in the afr.php delivery script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the… | |||
| CVE-2026-21663 | 0.00 | — | 0.00 | Jan 20, 2026 | HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the banner-acl.php script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is… | |||
| CVE-2026-21640 | 0.00 | — | 0.00 | Jan 20, 2026 | HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error. | |||
| CVE-2026-21641 | 0.00 | — | 0.00 | Jan 20, 2026 | HackerOne community member Jad Ghamloush (0xjad) has reported an authorization bypass vulnerability in the `tracker-delete.php` script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts. | |||
| CVE-2023-53931 | 0.00 | — | 0.02 | Dec 17, 2025 | Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append… | |||
| CVE-2025-55129 | 0.00 | — | 0.00 | Dec 2, 2025 | HackerOne community member Kassem S.(kassem_s94) has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several alternate techniques. Homoglyphs based impersonation has been independently… | |||
| CVE-2025-52668 | 0.00 | — | 0.00 | Nov 20, 2025 | Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack. | |||
| CVE-2025-48986 | 0.00 | — | 0.01 | Nov 20, 2025 | Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forgot password functionality. | |||
| CVE-2025-48987 | 0.00 | — | 0.00 | Nov 20, 2025 | Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack. | |||
| CVE-2025-55123 | 0.00 | — | 0.00 | Nov 20, 2025 | Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users. | |||
| CVE-2025-52671 | 0.00 | — | 0.00 | Nov 20, 2025 | Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use. | |||
| CVE-2025-52666 | 0.00 | — | 0.00 | Nov 20, 2025 | Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error. |
- risk 0.64cvss 9.8epss 0.03
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for…
- risk 0.64cvss 9.8epss 0.02
Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to…
- risk 0.64cvss 9.8epss 0.03
Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts.
- risk 0.59cvss 9.0epss 0.02
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually…
- risk 0.57cvss 8.8epss 0.01
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed.
- risk 0.57cvss 8.8epss 0.01
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`,…
- risk 0.57cvss 8.8epss 0.01
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially…
- risk 0.42cvss 6.4epss 0.00
The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprevive_async' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
- risk 0.40cvss 6.1epss 0.02
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
- risk 0.38cvss 5.9epss 0.01
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID.
- risk 0.35cvss 5.4epss 0.02
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible…
- risk 0.35cvss 5.4epss 0.02
Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly…
- risk 0.35cvss 5.4epss 0.01
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the…
- risk 0.35cvss 5.4epss 0.01
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script.
- risk 0.35cvss 5.3epss 0.01
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery…
- risk 0.35cvss 5.4epss 0.02
Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a…
- risk 0.35cvss 5.4epss 0.01
Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit…
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address.
- risk 0.20cvss 3.1epss 0.01
Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the…
- CVE-2019-5434May 6, 2019risk 0.10cvss —epss 0.57
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related…
- CVE-2021-22873Jan 21, 2021risk 0.04cvss —epss 0.66
Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when…
- CVE-2020-8115Feb 4, 2020risk 0.04cvss —epss 0.07
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of…
- CVE-2021-22889Mar 25, 2021risk 0.03cvss —epss 0.36
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver…
- CVE-2013-5954Apr 25, 2014risk 0.03cvss —epss 0.03
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3)…
- CVE-2021-22888Mar 25, 2021risk 0.02cvss —epss 0.20
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and…
- CVE-2021-22875Jan 28, 2021risk 0.02cvss —epss 0.22
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.
- CVE-2021-22874Jan 28, 2021risk 0.02cvss —epss 0.22
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.
- CVE-2023-38040Sep 17, 2023risk 0.01cvss —epss 0.02
A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions..
- CVE-2020-8143Apr 3, 2020risk 0.01cvss —epss 0.70
An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the…
- CVE-2026-34913Jun 23, 2026risk 0.00cvss —epss 0.00
A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to link their trackers to campaigns owned by other managers on the same instance, resulting in…
- CVE-2026-34916Jun 23, 2026risk 0.00cvss —epss 0.00
A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during…
- CVE-2026-34914Jun 23, 2026risk 0.00cvss —epss 0.00
A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters…
- CVE-2026-44958Jun 23, 2026risk 0.00cvss —epss 0.00
An access control bypass allows an advertiser‑level user to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when such permissions were not granted. The banner-edit.php script allowed the banner status to be overwritten solely based on banner edit…
- CVE-2026-44957Jun 23, 2026risk 0.00cvss —epss 0.00
A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only…
- CVE-2026-34912Jun 23, 2026risk 0.00cvss —epss 0.00
A missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and earlier, or via its API allows a low‑privileged user could link their zones to banners or campaigns owned by other managers on the same…
- CVE-2026-44959Jun 23, 2026risk 0.00cvss —epss 0.00
A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed…
- CVE-2026-34915Jun 23, 2026risk 0.00cvss —epss 0.00
A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all…
- CVE-2026-21642Jan 20, 2026risk 0.00cvss —epss 0.00
HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the `banner-acl.php` and `channel-acl.php` scripts of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator…
- CVE-2026-21664Jan 20, 2026risk 0.00cvss —epss 0.00
HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has reported a reflected XSS vulnerability in the afr.php delivery script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the…
- CVE-2026-21663Jan 20, 2026risk 0.00cvss —epss 0.00
HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the banner-acl.php script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is…
- CVE-2026-21640Jan 20, 2026risk 0.00cvss —epss 0.00
HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error.
- CVE-2026-21641Jan 20, 2026risk 0.00cvss —epss 0.00
HackerOne community member Jad Ghamloush (0xjad) has reported an authorization bypass vulnerability in the `tracker-delete.php` script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts.
- CVE-2023-53931Dec 17, 2025risk 0.00cvss —epss 0.02
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append…
- CVE-2025-55129Dec 2, 2025risk 0.00cvss —epss 0.00
HackerOne community member Kassem S.(kassem_s94) has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several alternate techniques. Homoglyphs based impersonation has been independently…
- CVE-2025-52668Nov 20, 2025risk 0.00cvss —epss 0.00
Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack.
- CVE-2025-48986Nov 20, 2025risk 0.00cvss —epss 0.01
Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forgot password functionality.
- CVE-2025-48987Nov 20, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack.
- CVE-2025-55123Nov 20, 2025risk 0.00cvss —epss 0.00
Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users.
- CVE-2025-52671Nov 20, 2025risk 0.00cvss —epss 0.00
Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use.
- CVE-2025-52666Nov 20, 2025risk 0.00cvss —epss 0.00
Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error.
Page 1 of 2