CVSS: 6.4EPSS: 2%CPEs: 1EXPL: 1CVE-2023-38040
https://notcve.org/view.php?id=CVE-2023-38040
17 Sep 2023 — A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.. Existe una vulnerabilidad XSS Reflejada en Revive Adserver 5.4.1 y versiones anteriores. • https://hackerone.com/reports/1694171 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-22948
https://notcve.org/view.php?id=CVE-2021-22948
23 Sep 2021 — Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account. Una vulnerabilidad en la generación de IDs de sesión en revive-adserver versiones anteriores a 5.3.0, basada en la función PHP uniqid() criptográficamente no segura. Bajo algunas circunstancias, un atacante podría teóricamente ser capaz de... • https://hackerone.com/reports/1187820 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-22889
https://notcve.org/view.php?id=CVE-2021-22889
25 Mar 2021 — Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and pressing a certain key combination to execute injected JavaScript code. Revive Adserver versiones anteriores a v5.2.0, es susceptible a una vulnerabilidad XSS reflejado en el p... • https://github.com/revive-adserver/revive-adserver/commit/2f868414 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-22888
https://notcve.org/view.php?id=CVE-2021-22888
25 Mar 2021 — Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code. Revive Adserver versiones anteriores a v5.2.0, es susceptible a una vulnerabilidad de tipo XSS reflejado en el parámetro "status" del archivo campaign-zone-zones.php. Un atacante podría engañar a un ... • https://github.com/revive-adserver/revive-adserver/commit/f472d890 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2021-22874 – Revive Adserver 5.1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-22874
27 Jan 2021 — Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter. Revive Adserver versiones anteriores a 5.1.1, es susceptible a una vulnerabilidad de tipo XSS reflejado en el archivo userlog-index.php por medio del parámetro "period_preset" Revive Adserver versions 5.1.0 and below suffer from multiple reflective cross site scripting vulnerabilities. • https://packetstorm.news/files/id/161156 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2021-22875 – Revive Adserver 5.1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-22875
27 Jan 2021 — Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter. Revive Adserver versiones anteriores a 5.1.1, es susceptible a una vulnerabilidad de tipo XSS reflejado en el archivo stats.php por medio del parámetro "setPerPage" Revive Adserver versions 5.1.0 and below suffer from multiple reflective cross site scripting vulnerabilities. • https://packetstorm.news/files/id/161156 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-22871 – Revive Adserver 5.0.5 Cross Site Scripting / Open Redirect
https://notcve.org/view.php?id=CVE-2021-22871
21 Jan 2021 — Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability. Revive Adserver versiones anteriores a 5.1.0, permite a cualquier usuario con una cuenta de administrador almacenar contenido posiblemente malicioso en la propiedad del sitio web URL, que luego es mostrada sin saneamiento en... • https://packetstorm.news/files/id/161070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 2CVE-2021-22872 – Revive Adserver 5.0.5 Cross Site Scripting / Open Redirect
https://notcve.org/view.php?id=CVE-2021-22872
21 Jan 2021 — Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable. Revive Adserver anterior a la versión 5.1.0 es vulnerable a una vulnerabilidad de scripting cruzado (XSS) reflejada a través del script de entrega afr.php de acceso público. Si ... • https://packetstorm.news/files/id/161070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 59%CPEs: 1EXPL: 3CVE-2021-22873 – Revive Adserver 5.0.5 Cross Site Scripting / Open Redirect
https://notcve.org/view.php?id=CVE-2021-22873
21 Jan 2021 — Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability. Revive Adserver versiones anteriores a 5.1.0 e... • https://packetstorm.news/files/id/161070 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8143
https://notcve.org/view.php?id=CVE-2020-8143
03 Apr 2020 — An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/www/admin/*-modify.php” could be skipped if no meaningful parameter was sent. No action was performed, but the user was still redirected to the target page, specified via the “returnurl” GET parameter. Se detectó una vulnerabilidad de... • https://hackerone.com/reports/794144 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •