- EPSS 0.3%
- Published 23.06.2026 16:14:38
- Last modified 25.06.2026 19:52:36
A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output san...
CVE-2026-21642
- EPSS 0.16%
- Published 20.01.2026 20:48:48
- Last modified 30.01.2026 20:14:51
HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the `banner-acl.php` and `channel-acl.php` scripts of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a...
CVE-2026-21664
- EPSS 0.16%
- Published 20.01.2026 20:48:47
- Last modified 03.02.2026 21:04:36
HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has reported a reflected XSS vulnerability in the afr.php delivery script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged i...
CVE-2026-21663
- EPSS 0.16%
- Published 20.01.2026 20:48:47
- Last modified 03.02.2026 21:05:31
HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the banner-acl.php script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator ...
CVE-2026-21641
- EPSS 0.23%
- Published 20.01.2026 20:48:47
- Last modified 30.01.2026 20:15:53
HackerOne community member Jad Ghamloush (0xjad) has reported an authorization bypass vulnerability in the `tracker-delete.php` script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by ot...
CVE-2026-21640
- EPSS 0.21%
- Published 20.01.2026 20:48:47
- Last modified 30.01.2026 20:17:33
HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error...
CVE-2025-55129
- EPSS 0.22%
- Published 02.12.2025 01:42:06
- Last modified 30.12.2025 14:31:58
HackerOne community member Kassem S. (kassem_s94) has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several alternate techniques. Homoglyphs based impersonation h...
CVE-2025-52668
- EPSS 0.45%
- Published 20.11.2025 19:11:36
- Last modified 02.12.2025 20:19:57
Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack.
CVE-2025-48987
- EPSS 0.43%
- Published 20.11.2025 19:11:36
- Last modified 25.11.2025 18:56:45
Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack.
CVE-2025-48986
- EPSS 0.58%
- Published 20.11.2025 19:11:36
- Last modified 25.11.2025 18:57:29
Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows a logged-in attacker to change other users' email address and potentially take over their accounts using the forgot password functionality.