CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23802 – WordPress WP-Revive Adserver Plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23802
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steven Soehl WP-Revive Adserver allows Stored XSS.This issue affects WP-Revive Adserver: from n/a through 2.2.1. The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbit... • https://patchstack.com/database/wordpress/plugin/wp-revive-adserver/vulnerability/wordpress-wp-revive-adserver-plugin-2-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 3%CPEs: 1EXPL: 1CVE-2023-38040
https://notcve.org/view.php?id=CVE-2023-38040
17 Sep 2023 — A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.. Existe una vulnerabilidad XSS Reflejada en Revive Adserver 5.4.1 y versiones anteriores. • https://hackerone.com/reports/1694171 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-22948
https://notcve.org/view.php?id=CVE-2021-22948
23 Sep 2021 — Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account. Una vulnerabilidad en la generación de IDs de sesión en revive-adserver versiones anteriores a 5.3.0, basada en la función PHP uniqid() criptográficamente no segura. Bajo algunas circunstancias, un atacante podría teóricamente ser capaz de... • https://hackerone.com/reports/1187820 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-22889
https://notcve.org/view.php?id=CVE-2021-22889
25 Mar 2021 — Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and pressing a certain key combination to execute injected JavaScript code. Revive Adserver versiones anteriores a v5.2.0, es susceptible a una vulnerabilidad XSS reflejado en el p... • https://github.com/revive-adserver/revive-adserver/commit/2f868414 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2021-22888
https://notcve.org/view.php?id=CVE-2021-22888
25 Mar 2021 — Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code. Revive Adserver versiones anteriores a v5.2.0, es susceptible a una vulnerabilidad de tipo XSS reflejado en el parámetro "status" del archivo campaign-zone-zones.php. Un atacante podría engañar a un ... • https://github.com/revive-adserver/revive-adserver/commit/f472d890 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2021-22875 – Revive Adserver 5.1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-22875
27 Jan 2021 — Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter. Revive Adserver versiones anteriores a 5.1.1, es susceptible a una vulnerabilidad de tipo XSS reflejado en el archivo stats.php por medio del parámetro "setPerPage" Revive Adserver versions 5.1.0 and below suffer from multiple reflective cross site scripting vulnerabilities. • https://packetstorm.news/files/id/161156 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2021-22874 – Revive Adserver 5.1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-22874
27 Jan 2021 — Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter. Revive Adserver versiones anteriores a 5.1.1, es susceptible a una vulnerabilidad de tipo XSS reflejado en el archivo userlog-index.php por medio del parámetro "period_preset" Revive Adserver versions 5.1.0 and below suffer from multiple reflective cross site scripting vulnerabilities. • https://packetstorm.news/files/id/161156 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-22871 – Revive Adserver 5.0.5 Cross Site Scripting / Open Redirect
https://notcve.org/view.php?id=CVE-2021-22871
21 Jan 2021 — Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability. Revive Adserver versiones anteriores a 5.1.0, permite a cualquier usuario con una cuenta de administrador almacenar contenido posiblemente malicioso en la propiedad del sitio web URL, que luego es mostrada sin saneamiento en... • https://packetstorm.news/files/id/161070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 2CVE-2021-22872 – Revive Adserver 5.0.5 Cross Site Scripting / Open Redirect
https://notcve.org/view.php?id=CVE-2021-22872
21 Jan 2021 — Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable. Revive Adserver anterior a la versión 5.1.0 es vulnerable a una vulnerabilidad de scripting cruzado (XSS) reflejada a través del script de entrega afr.php de acceso público. Si ... • https://packetstorm.news/files/id/161070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 66%CPEs: 1EXPL: 3CVE-2021-22873 – Revive Adserver 5.0.5 Cross Site Scripting / Open Redirect
https://notcve.org/view.php?id=CVE-2021-22873
21 Jan 2021 — Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability. Revive Adserver versiones anteriores a 5.1.0 e... • https://packetstorm.news/files/id/161070 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •