CVE-2023-38040
https://notcve.org/view.php?id=CVE-2023-38040
A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions. • https://hackerone.com/reports/1694171 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-22948
https://notcve.org/view.php?id=CVE-2021-22948
Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically brute-force session IDs in order to take over a specific account. • https://hackerone.com/reports/1187820 https://www.revive-adserver.com/security/revive-sa-2021-005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)