Revive-Adserver: >> Revive Adserver Security Vulnerabilities
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code in the context of the victim's browser. The session cookie cannot be accessed, but a number of other operations could be performed.
The vulnerability is present in the admin-search.php file and can be exploited via the compact parameter.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-10-31
SQL injection in Revive Adserver 6.0.0 causes potential disruption or information access when specifically crafted payloads are sent by logged in users
CVSS Score
8.8
EPSS Score
0.0
Published
2025-10-31
A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions..
CVSS Score
6.1
EPSS Score
0.057
Published
2023-09-17
Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account.
CVSS Score
7.1
EPSS Score
0.004
Published
2021-09-23
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code.
CVSS Score
6.1
EPSS Score
0.008
Published
2021-03-25
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and pressing a certain key combination to execute injected JavaScript code.
CVSS Score
6.1
EPSS Score
0.008
Published
2021-03-25
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.
CVSS Score
6.1
EPSS Score
0.007
Published
2021-01-28
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.
CVSS Score
6.1
EPSS Score
0.007
Published
2021-01-28
Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability.
CVSS Score
4.8
EPSS Score
0.009
Published
2021-01-26
Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable.
CVSS Score
6.1
EPSS Score
0.021
Published
2021-01-26
Page 1