Filtered by vendor Revive-adserver
Filtered by product Revive Adserver
Total: 47 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-9457 | 1 Revive-adserver | 1 Revive Adserver | 2017-03-30 | N/A |
Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others. | ||||
CVE-2016-9456 | 1 Revive-adserver | 1 Revive Adserver | 2017-03-30 | N/A |
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed. | ||||
CVE-2016-9455 | 1 Revive-adserver | 1 Revive Adserver | 2017-03-30 | N/A |
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`. | ||||
CVE-2016-9454 | 1 Revive-adserver | 1 Revive Adserver | 2017-03-30 | N/A |
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages. | ||||
CVE-2017-5833 | 1 Revive-adserver | 1 Revive Adserver | 2017-03-07 | N/A |
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
CVE-2017-5832 | 1 Revive-adserver | 1 Revive Adserver | 2017-03-07 | N/A |
Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address. | ||||
CVE-2017-5831 | 1 Revive-adserver | 1 Revive Adserver | 2017-03-07 | N/A |
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID. | ||||