Total
46 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-9457 | 1 Revive-adserver | 1 Revive Adserver | 2017-03-29 | 3.5 LOW | 5.4 MEDIUM |
Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others. | |||||
CVE-2016-9455 | 1 Revive-adserver | 1 Revive Adserver | 2017-03-29 | 6.8 MEDIUM | 8.8 HIGH |
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`. | |||||
CVE-2017-5832 | 1 Revive-adserver | 1 Revive Adserver | 2017-03-06 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address. | |||||
CVE-2017-5831 | 1 Revive-adserver | 1 Revive Adserver | 2017-03-06 | 5.5 MEDIUM | 5.9 MEDIUM |
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID. | |||||
CVE-2017-5833 | 1 Revive-adserver | 1 Revive Adserver | 2017-03-06 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
CVE-2014-9407 | 1 Revive-adserver | 1 Revive Adserver | 2014-12-19 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php. (5) advertiser-user-unlink.php, or (6) affiliate-user-unlink.php in admin/. |