Vulnerabilities
Vulnerable Software
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute arbitrary JavaScript when an admin views the page.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-17
Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions give non-admin users access to the contact name and email address of other users on the system.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-11-20
Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows users on the system to delete banners owned by other accounts.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-11-20
Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows a logged-in attacker to change other users' email addresses and potentially take over their accounts using the forgot password functionality.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-11-20
Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-11-20
Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions lets an administrator user disable the admin user console through a fatal PHP error.
CVSS Score
2.7
EPSS Score
0.001
Published
2025-11-20
Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions makes a stored XSS attack possible for a logged-in manager user.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-11-20
Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack.
CVSS Score
8.7
EPSS Score
0.0
Published
2025-11-20
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code in the context of the victim's browser. The session cookie cannot be accessed, but a number of other operations could be performed. The vulnerability is present in the admin-search.php file and can be exploited via the compact parameter.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-10-31
A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.
CVSS Score
6.1
EPSS Score
0.057
Published
2023-09-17

