Total: 60 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7366 | 1 Revive-adserver | 1 Revive Adserver | 2026-05-06 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script. | |||||
| CVE-2015-7371 | 1 Revive-adserver | 1 Revive Adserver | 2026-05-06 | 5.0 MEDIUM | N/A |
| Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request. | |||||
| CVE-2015-7370 | 1 Revive-adserver | 1 Revive Adserver | 2026-05-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026, allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data-file parameter. | |||||
| CVE-2015-7368 | 1 Revive-adserver | 1 Revive Adserver | 2026-05-06 | 2.1 LOW | N/A |
| Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache. | |||||
| CVE-2015-7372 | 1 Revive-adserver | 1 Revive Adserver | 2026-05-06 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter. | |||||
| CVE-2014-8793 | 1 Revive-adserver | 1 Revive Adserver | 2026-05-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php. | |||||
| CVE-2015-7364 | 1 Revive-adserver | 1 Revive Adserver | 2026-05-06 | 6.8 MEDIUM | N/A |
| The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token. | |||||
| CVE-2014-9407 | 1 Revive-adserver | 1 Revive Adserver | 2026-05-06 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink accounts via a request to admin-user-unlink.php, (5) advertiser-user-unlink.php, or (6) affiliate-user-unlink.php in admin/. | |||||
| CVE-2014-8875 | 1 Revive-adserver | 1 Revive Adserver | 2026-05-06 | 5.0 MEDIUM | N/A |
| The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML-RPC request, aka an XML Entity Expansion (XEE) attack. | |||||
| CVE-2015-7373 | 1 Revive-adserver | 1 Revive Adserver | 2026-05-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner. | |||||
| CVE-2013-5954 | 2 Openx, Revive-adserver | 2 Openx, Revive Adserver | 2026-05-06 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php. | |||||
| CVE-2015-7367 | 1 Revive-adserver | 1 Revive Adserver | 2026-05-06 | 7.5 HIGH | N/A |
| Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked. | |||||
| CVE-2013-7149 | 2 Openx, Revive-adserver | 2 Openx, Revive Adserver | 2026-04-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method. | |||||
| CVE-2023-53931 | 1 Revive-adserver | 1 Revive Adserver | 2025-12-27 | N/A | 6.1 MEDIUM |
| Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute arbitrary JavaScript when an admin views the page. | |||||
| CVE-2025-55123 | 1 Revive-adserver | 1 Revive Adserver | 2025-12-05 | N/A | 5.4 MEDIUM |
| Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users. | |||||
| CVE-2025-52666 | 1 Revive-adserver | 1 Revive Adserver | 2025-12-02 | N/A | 2.7 LOW |
| Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error. | |||||
| CVE-2025-52667 | 1 Revive-adserver | 1 Revive Adserver | 2025-12-02 | N/A | 5.4 MEDIUM |
| Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user. | |||||
| CVE-2025-52668 | 1 Revive-adserver | 1 Revive Adserver | 2025-12-02 | N/A | 5.4 MEDIUM |
| Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack. | |||||
| CVE-2025-52669 | 1 Revive-adserver | 1 Revive Adserver | 2025-12-02 | N/A | 4.3 MEDIUM |
| Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions cause non-admin users to have access to the contact name and email address of other users on the system. | |||||
| CVE-2025-52670 | 1 Revive-adserver | 1 Revive Adserver | 2025-12-02 | N/A | 6.5 MEDIUM |
| Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts. | |||||
