Revive-Adserver: >> Revive Adserver >> 3.0.5 Security Vulnerabilities
The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack.
CVSS Score
5.0
EPSS Score
0.007
Published
2014-12-19
Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-12-19
Page 6