revive-adserver

Top products

The 15 most recently published vulnerabilities affecting revive-adserver.

• CVE-2023-53931Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings6.1Dec 17, 2025
• CVE-2025-52668Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored ...5.4Nov 20, 2025
• CVE-2025-48987Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack.6.1Nov 20, 2025
• CVE-2025-48986Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forg...8.8Nov 20, 2025
• CVE-2025-55124Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script.6.1Nov 20, 2025
• CVE-2025-55123Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users.5.4Nov 20, 2025
• CVE-2025-52671Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database v...4.3Nov 20, 2025
• CVE-2025-52670Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts6.5Nov 20, 2025
• CVE-2025-52669Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other u...4.3Nov 20, 2025
• CVE-2025-52667Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user.5.4Nov 20, 2025
• CVE-2025-52666Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PH...2.7Nov 20, 2025
• CVE-2025-27208A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver inst...6.1Oct 30, 2025
• CVE-2025-52664SQL injection in Revive Adserver 6.0.0 causes potential disruption or information access when specifically crafted payloads are sent by logged in users8.8Oct 30, 2025
• CVE-2023-38040A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions..6.1Sep 17, 2023
• CVE-2021-22948Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically b...7.1Sep 23, 2021