Medium
CVSS: 5.1
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with X…
Medium
CVSS: 6.1
Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script.
Medium
CVSS: 5.4
Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users.
Medium
CVSS: 4.3
Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use.
Medium
CVSS: 6.5
Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts
Medium
CVSS: 4.3
Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other users on the system.
Medium
CVSS: 5.4
Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack.
Medium
CVSS: 5.4
Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user.
Low
CVSS: 2.7
Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error.
Medium
CVSS: 6.1
Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack.
High
CVSS: 8.8
Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forgot password functionality.
High
CVSS: 8.8
SQL injection in Revive Adserver 6.0.0 causes potential disruption or information access when specifically crafted payloads are sent by logged in users
Medium
CVSS: 6.1
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafte…