Revive-Adserver Revive Adserver vulnerabilities
66 known vulnerabilities affecting revive-adserver/revive_adserver.
Total CVEs: 66
CISA KEV: 0
Public exploits: 4
Exploited in wild: 3
Severity breakdown: CRITICAL 4, HIGH 12, MEDIUM 47, LOW 3
Vulnerabilities
Page 4 of 4
CVE-2015-7370 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 3.2.1 | 2015-10-14
Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026, allow remote attackers to inj
nvd
CVE-2015-7365 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 3.2.1 | 2015-10-14
Cross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of an uploaded file containing errors.
nvd
CVE-2014-8793 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 3.0.5 | 2014-12-19
Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php.
nvd
CVE-2016-9471 | P4 | LOW | CVSS 3.1 | CWE-75 | ≤ 3.2.4, v4.0.0 | 2017-03-28
Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML pa
nvd
CVE-2025-52666 | P4 | LOW | CVSS 2.7 | CWE-134 | ≤ 5.5.2; ≥ 6.0.0, ≤ 6.0.1 | 2025-11-20
Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error.
nvd
CVE-2015-7368 | P4 | LOW | CVSS 2.1 | CWE-200 | ≤ 3.2.1 | 2015-10-14
Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.
nvd