Revive

Adserver

22 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.03%
  • Published 20.11.2025 19:10:15
  • Last modified 26.11.2025 16:56:10

Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script.

Exploit
  • EPSS 0.02%
  • Published 20.11.2025 19:10:15
  • Last modified 05.12.2025 20:17:35

Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows manager accounts to craft XSS attacks against their own advertiser users.

Exploit
  • EPSS 0.03%
  • Published 20.11.2025 19:10:15
  • Last modified 02.12.2025 20:05:41

Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use.

Exploit
  • EPSS 0.02%
  • Published 20.11.2025 19:10:15
  • Last modified 02.12.2025 20:17:35

Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts.

Exploit
  • EPSS 0.02%
  • Published 20.11.2025 19:10:15
  • Last modified 02.12.2025 20:24:38

Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user.

Exploit
  • EPSS 0.1%
  • Published 20.11.2025 19:10:15
  • Last modified 02.12.2025 20:31:30

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error.

Exploit
  • EPSS 0.04%
  • Published 20.11.2025 19:07:42
  • Last modified 14.01.2026 21:16:56

HackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS.

Exploit
  • EPSS 0.01%
  • Published 20.11.2025 19:07:15
  • Last modified 14.01.2026 21:18:27

HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new users. A username with leading or trailing whitespace could be virtually indistinguishable from its legitimate ...

Exploit
  • EPSS 0.07%
  • Published 20.11.2025 19:06:52
  • Last modified 14.01.2026 21:23:44

HackerOne community member Dang Hung Vi (vidang04) has reported an uncontrolled resource consumption vulnerability in the “userlog-index.php”. An attacker with access to the admin interface could request an arbitrarily large number of items per page,...

Exploit
  • EPSS 0.01%
  • Published 30.10.2025 23:32:11
  • Last modified 01.12.2025 20:15:50

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and ...