Vulnerabilities in Revive

34 results
CVE-2023-38040
A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.
EPSS 2.0%

CVE-2019-5440
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication b
EPSS 1.6%

CVE-2025-27208 MEDIUM
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user wi
EPSS 1.4%

CVE-2025-52664 HIGH
SQL injection in Revive Adserver 6.0.0 causes potential disruption or information access when specifically crafted payloads are sent by logg
EPSS 1.0%

CVE-2025-48986 HIGH
Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a logged in attacker to change other users' email addre
EPSS 0.6%

CVE-2025-52668 HIGH
Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential i
EPSS 0.4%

CVE-2025-48987 MEDIUM
Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack.
EPSS 0.4%

CVE-2026-44959 HIGH
A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could
EPSS 0.4%

CVE-2025-55123 LOW
Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS att
EPSS 0.4%

CVE-2025-52666 LOW
Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator
EPSS 0.4%

CVE-2025-55124 MEDIUM
Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script.
EPSS 0.4%

CVE-2025-55128 MEDIUM
HackerOne community member Dang Hung Vi (vidang04) has reported an uncontrolled resource consumption vulnerability in the “userlog-index.php
EPSS 0.3%

CVE-2025-52667 LOW
Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possib
EPSS 0.3%

CVE-2025-52671 MEDIUM
Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to a
EPSS 0.3%

CVE-2026-44960 NONE
A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected
EPSS 0.3%

CVE-2026-44956 NONE
Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose c
EPSS 0.3%

CVE-2026-44961 NONE
The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernam
EPSS 0.3%

CVE-2026-34917 MEDIUM
Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restrict
EPSS 0.3%

CVE-2026-34914 HIGH
A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploi
EPSS 0.3%

CVE-2025-52670 HIGH
Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by ot
EPSS 0.3%