Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Revive-adserver Subscribe
Filtered by product Revive Adserver
Total 46 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-9457 1 Revive-adserver 1 Revive Adserver 2017-03-29 3.5 LOW 5.4 MEDIUM
Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others.
CVE-2016-9455 1 Revive-adserver 1 Revive Adserver 2017-03-29 6.8 MEDIUM 8.8 HIGH
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`.
CVE-2017-5832 1 Revive-adserver 1 Revive Adserver 2017-03-06 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address.
CVE-2017-5831 1 Revive-adserver 1 Revive Adserver 2017-03-06 5.5 MEDIUM 5.9 MEDIUM
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID.
CVE-2017-5833 1 Revive-adserver 1 Revive Adserver 2017-03-06 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2014-9407 1 Revive-adserver 1 Revive Adserver 2014-12-19 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php. (5) advertiser-user-unlink.php, or (6) affiliate-user-unlink.php in admin/.