
    132 vulnerabilities found for revive_adserver by revive-adserver

    CVE-2026-50745 (GCVE-0-2026-50745)

    Vulnerability from nvd – Published: 2026-06-26 01:11 – Updated: 2026-06-26 12:29
    Summary
    A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input to be reflected without escaping.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (XSS) - Reflected
    Assigner
    References
    Impacted products
    Vendor: Revive
    Product: Adserver
    Version: Affected: 0, ≤ 6.0.7 (semver)
    Credits
    Mahmoud Khaled (Kanon4)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50745",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T12:29:06.205421Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T12:29:14.728Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mahmoud Khaled (Kanon4)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user\u2011supplied input to be reflected without escaping."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS) - Reflected",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T01:11:14.310Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3793243"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-50745",
        "datePublished": "2026-06-26T01:11:14.310Z",
        "dateReserved": "2026-06-06T15:00:09.780Z",
        "dateUpdated": "2026-06-26T12:29:14.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50744 (GCVE-0-2026-50744)

    Vulnerability from nvd – Published: 2026-06-26 01:11 – Updated: 2026-06-26 12:29
    Summary
    A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked session ID could be used to perform subsequent API calls without restrictions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control - Generic
    Assigner
    References
    Impacted products
    Vendor: Revive
    Product: Adserver
    Version: Affected: 0, ≤ 6.0.7 (semver)
    Credits
    Kenji Subagja (garuthacktivist)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50744",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T12:29:37.917590Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T12:29:47.196Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kenji Subagja (garuthacktivist)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A bypass to the admin\u2011only restriction of the XML\u2011RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked session ID could be used to perform subsequent API calls without restrictions."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control - Generic",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T01:11:14.060Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3783738"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-50744",
        "datePublished": "2026-06-26T01:11:14.060Z",
        "dateReserved": "2026-06-06T15:00:09.779Z",
        "dateUpdated": "2026-06-26T12:29:47.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50742 (GCVE-0-2026-50742)

    Vulnerability from nvd – Published: 2026-06-26 01:11 – Updated: 2026-06-26 12:25
    Summary
    A stored XSS vulnerability exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an administrator uses the affected maintenance tools is not entirely under the attacker's control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (XSS) - Stored
    Assigner
    References
    Impacted products
    Vendor: Revive
    Product: Adserver
    Version: Affected: 0, ≤ 6.0.7 (semver)
    Credits
    Althaf Shajahan (AnGrY)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50742",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T12:25:20.510870Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T12:25:33.119Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Althaf Shajahan (AnGrY)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stored XSS vulnerabilities exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an administrator uses the affected maintenance tools is not entirely under the attacker\u0027s control."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS) - Stored",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T01:11:14.243Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3781311"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-50742",
        "datePublished": "2026-06-26T01:11:14.243Z",
        "dateReserved": "2026-06-06T15:00:09.779Z",
        "dateUpdated": "2026-06-26T12:25:33.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50741 (GCVE-0-2026-50741)

    Vulnerability from nvd – Published: 2026-06-26 01:11 – Updated: 2026-06-26 12:27
    Summary
    A bypass of the fix for CVE-2026-34916. Variants of such vectors have also been reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as `type`, or by using the `ox.setChannelTargeting` XML-RPC API method.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor: Revive
    Product: Adserver
    Version: Affected: 0, ≤ 6.0.7 (semver)
    Credits
    Rio Darmawan (riodrwn), Mikhail Ilin (doomtech)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50741",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T12:27:34.466991Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T12:27:43.548Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rio Darmawan (riodrwn)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Mikhail Ilin (doomtech)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as `type`, or using the `ox.setChannelTargeting` XML-RPC API method."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T01:11:14.108Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3780854"
            },
            {
              "url": "https://hackerone.com/reports/3781492"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-50741",
        "datePublished": "2026-06-26T01:11:14.108Z",
        "dateReserved": "2026-06-06T15:00:09.779Z",
        "dateUpdated": "2026-06-26T12:27:43.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50740 (GCVE-0-2026-50740)

    Vulnerability from nvd – Published: 2026-06-26 01:11 – Updated: 2026-06-26 01:11
    Summary
    A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks.
    CWE
    • CWE-79 - Cross-site Scripting (XSS) - Reflected
    Assigner
    References
    Impacted products
    Vendor: Revive
    Product: Adserver
    Version: Affected: 0, ≤ 6.0.7 (semver)
    Credits
    Mahmoud Khaled (Kanon4)

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mahmoud Khaled (Kanon4)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low\u2011privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS) - Reflected",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T01:11:14.295Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3780806"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-50740",
        "datePublished": "2026-06-26T01:11:14.295Z",
        "dateReserved": "2026-06-06T15:00:09.779Z",
        "dateUpdated": "2026-06-26T01:11:14.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50739 (GCVE-0-2026-50739)

    Vulnerability from nvd – Published: 2026-06-26 01:11 – Updated: 2026-06-26 12:28
    Summary
    A bypass for CVE‑2026‑34913 exists because proper ownership validation had not been applied to the reverse operation of linking campaigns and trackers through the `tracker-campaigns.php` script in Revive Adserver 6.0.7 and earlier. As a result, a low‑privileged user could link their trackers to campaigns owned by other managers on the same instance, leading to inconsistent ownership relationships.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control - Generic
    Assigner
    References
    Impacted products
    Vendor: Revive
    Product: Adserver
    Version: Affected: 0, ≤ 6.0.7 (semver)
    Credits
    hakuopi, sy2no, garuthacktvist, aszh

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T12:28:20.731460Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T12:28:29.684Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "hakuopi"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "sy2no"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "garuthacktvist"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "aszh"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A bypass for CVE\u20112026\u201134913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the `tracker-campaigns.php` script in Revive Adserver 6.0.7 and earlier. As a result, a low\u2011privileged user could link their trackers to campaigns owned by other managers on the same instance, leading to inconsistent ownership relationships."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control - Generic",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T01:11:14.071Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3780709"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-50739",
        "datePublished": "2026-06-26T01:11:14.071Z",
        "dateReserved": "2026-06-06T15:00:09.779Z",
        "dateUpdated": "2026-06-26T12:28:29.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-53931 (GCVE-0-2023-53931)

    Vulnerability from nvd – Published: 2025-12-17 22:44 – Updated: 2026-04-07 14:07
    Title
    Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings
    Summary
    Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute arbitrary JavaScript when an admin views the page.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Date Public
    2023-05-02 00:00
    Credits
    Mirabbas Ağalarov

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-53931",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T14:47:32.626138Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T15:02:00.360Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.exploit-db.com/exploits/51401"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "revive-adserver",
              "vendor": "Revive-adserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.4.1"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:revive-adserver:adserver:5.4.1:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:revive-adserver:revive_adserver:5.0.5:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mirabbas A\u011falarov"
            }
          ],
          "datePublic": "2023-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute arbitrary JavaScript when an admin views the page."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T14:07:51.856Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-51401",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/51401"
            },
            {
              "name": "Official Product Homepage",
              "tags": [
                "product"
              ],
              "url": "https://www.revive-adserver.com/"
            },
            {
              "name": "VulnCheck Advisory: Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/revive-adserver-cross-site-scripting-via-banner-advanced-settings"
            }
          ],
          "title": "Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2023-53931",
        "datePublished": "2025-12-17T22:44:58.562Z",
        "dateReserved": "2025-12-16T19:22:09.996Z",
        "dateUpdated": "2026-04-07T14:07:51.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55124 (GCVE-0-2025-55124)

    Vulnerability from nvd – Published: 2025-11-20 19:10 – Updated: 2025-11-20 21:44
    Summary
    Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Impacted products
    Vendor Product Version
    Revive Revive Adserver Affected: 6 , ≤ 6.0.1 (semver)
    Unaffected: 6.0.2 , ≤ 6.0.2 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55124",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-20T21:44:31.549402Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-20T21:44:35.613Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3403727"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Revive Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "unaffected",
                  "version": "6.0.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:10:15.617Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3403727"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2025-55124",
        "datePublished": "2025-11-20T19:10:15.617Z",
        "dateReserved": "2025-08-07T15:00:05.575Z",
        "dateUpdated": "2025-11-20T21:44:35.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55123 (GCVE-0-2025-55123)

    Vulnerability from nvd – Published: 2025-11-20 19:10 – Updated: 2025-11-20 21:40
    Summary
    Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Impacted products
    Vendor Product Version
    Revive Revive Adserver Affected: 6 , ≤ 6.0.1 (semver)
    Affected: 5 , ≤ 5.5.2 (semver)
    Unaffected: 6.0.2 , ≤ 6.0.2 (semver)
    Unaffected: 5.5.3 , ≤ 5.5.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55123",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-20T21:40:43.687422Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-20T21:40:47.974Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3404968"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Revive Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.2",
                  "status": "affected",
                  "version": "5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "unaffected",
                  "version": "6.0.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.3",
                  "status": "unaffected",
                  "version": "5.5.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:10:15.783Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3404968"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2025-55123",
        "datePublished": "2025-11-20T19:10:15.783Z",
        "dateReserved": "2025-08-07T15:00:05.575Z",
        "dateUpdated": "2025-11-20T21:40:47.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52671 (GCVE-0-2025-52671)

    Vulnerability from nvd – Published: 2025-11-20 19:10 – Updated: 2025-11-20 21:41
    Summary
    Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Impacted products
    Vendor Product Version
    Revive Revive Adserver Affected: 6 , ≤ 6.0.1 (semver)
    Affected: 5 , ≤ 5.5.2 (semver)
    Unaffected: 6.0.2 , ≤ 6.0.2 (semver)
    Unaffected: 5.5.3 , ≤ 5.5.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52671",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-20T21:41:33.086687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-209",
                    "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-20T21:41:36.636Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3403450"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Revive Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.2",
                  "status": "affected",
                  "version": "5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "unaffected",
                  "version": "6.0.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.3",
                  "status": "unaffected",
                  "version": "5.5.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:10:15.756Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3403450"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2025-52671",
        "datePublished": "2025-11-20T19:10:15.756Z",
        "dateReserved": "2025-06-18T15:00:00.895Z",
        "dateUpdated": "2025-11-20T21:41:36.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52670 (GCVE-0-2025-52670)

    Vulnerability from nvd – Published: 2025-11-20 19:10 – Updated: 2025-12-01 20:07
    Summary
    Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    Revive Revive Adserver Affected: 6 , ≤ 6.0.1 (semver)
    Affected: 5 , ≤ 5.5.2 (semver)
    Unaffected: 6.0.2 , ≤ 6.0.2 (semver)
    Unaffected: 5.5.3 , ≤ 5.5.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52670",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-20T21:01:32.830750Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-01T20:07:23.630Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Revive Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.2",
                  "status": "affected",
                  "version": "5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "unaffected",
                  "version": "6.0.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.3",
                  "status": "unaffected",
                  "version": "5.5.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
                "version": "3.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:10:15.391Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3401612"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2025-52670",
        "datePublished": "2025-11-20T19:10:15.391Z",
        "dateReserved": "2025-06-18T15:00:00.895Z",
        "dateUpdated": "2025-12-01T20:07:23.630Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52669 (GCVE-0-2025-52669)

    Vulnerability from nvd – Published: 2025-11-20 19:10 – Updated: 2025-11-20 21:43
    Summary
    Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions cause non-admin users to have access to the contact name and email address of other users on the system.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Impacted products
    Vendor Product Version
    Revive Revive Adserver Affected: 6 , ≤ 6.0.1 (semver)
    Affected: 5 , ≤ 5.5.2 (semver)
    Unaffected: 6.0.2 , ≤ 6.0.2 (semver)
    Unaffected: 5.5.3 , ≤ 5.5.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52669",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-20T21:43:22.750442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-200",
                    "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-20T21:43:25.996Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3401464"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Revive Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.2",
                  "status": "affected",
                  "version": "5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "unaffected",
                  "version": "6.0.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.3",
                  "status": "unaffected",
                  "version": "5.5.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other users on the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:10:15.642Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3401464"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2025-52669",
        "datePublished": "2025-11-20T19:10:15.642Z",
        "dateReserved": "2025-06-18T15:00:00.895Z",
        "dateUpdated": "2025-11-20T21:43:25.996Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52668 (GCVE-0-2025-52668)

    Vulnerability from nvd – Published: 2025-11-20 19:11 – Updated: 2025-11-20 21:33
    Summary
    Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Impacted products
    Vendor Product Version
    Revive Revive Adserver Affected: 6 , ≤ 6.0.1 (semver)
    Affected: 5 , ≤ 5.5.2 (semver)
    Unaffected: 6.0.2 , ≤ 6.0.2 (semver)
    Unaffected: 5.5.3 , ≤ 5.5.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52668",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-20T21:33:07.535626Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-20T21:33:11.324Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3400506"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Revive Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.2",
                  "status": "affected",
                  "version": "5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "unaffected",
                  "version": "6.0.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.3",
                  "status": "unaffected",
                  "version": "5.5.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:11:36.482Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3400506"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2025-52668",
        "datePublished": "2025-11-20T19:11:36.482Z",
        "dateReserved": "2025-06-18T15:00:00.895Z",
        "dateUpdated": "2025-11-20T21:33:11.324Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52667 (GCVE-0-2025-52667)

    Vulnerability from nvd – Published: 2025-11-20 19:10 – Updated: 2025-12-01 20:09
    Summary
    Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Impacted products
    Vendor Product Version
    Revive Revive Adserver Affected: 6 , ≤ 6.0.1 (semver)
    Affected: 5 , ≤ 5.5.2 (semver)
    Unaffected: 6.0.2 , ≤ 6.0.2 (semver)
    Unaffected: 5.5.3 , ≤ 5.5.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52667",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-20T21:01:57.559943Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-01T20:09:24.236Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Revive Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.2",
                  "status": "affected",
                  "version": "5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "unaffected",
                  "version": "6.0.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.3",
                  "status": "unaffected",
                  "version": "5.5.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:10:15.360Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3399809"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2025-52667",
        "datePublished": "2025-11-20T19:10:15.360Z",
        "dateReserved": "2025-06-18T15:00:00.895Z",
        "dateUpdated": "2025-12-01T20:09:24.236Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52666 (GCVE-0-2025-52666)

    Vulnerability from nvd – Published: 2025-11-20 19:10 – Updated: 2025-11-20 21:42
    Summary
    Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-134 - Use of Externally-Controlled Format String
    Impacted products
    Vendor Product Version
    Revive Revive Adserver Affected: 6.0.1 , ≤ 6.0.1 (semver)
    Affected: 5.5.2 , ≤ 5.5.2 (semver)
    Unaffected: 6.0.2 , ≤ 6.0.2 (semver)
    Unaffected: 5.5.3 , ≤ 5.5.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52666",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-20T21:42:31.010532Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-134",
                    "description": "CWE-134 Use of Externally-Controlled Format String",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-20T21:42:35.261Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3399218"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Revive Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.2",
                  "status": "affected",
                  "version": "5.5.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "unaffected",
                  "version": "6.0.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.3",
                  "status": "unaffected",
                  "version": "5.5.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:10:15.725Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3399218"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2025-52666",
        "datePublished": "2025-11-20T19:10:15.725Z",
        "dateReserved": "2025-06-18T15:00:00.895Z",
        "dateUpdated": "2025-11-20T21:42:35.261Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48987 (GCVE-0-2025-48987)

    Vulnerability from nvd – Published: 2025-11-20 19:11 – Updated: 2025-11-20 21:39
    Summary
    Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Impacted products
    Vendor Product Version
    Revive Revive Adserver Affected: 6 , ≤ 6.0.1 (semver)
    Unaffected: 6.0.2 , ≤ 6.0.2 (semver)
    Affected: 5 , ≤ 5.5.2 (semver)
    Unaffected: 5.5.3 , ≤ 5.5.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48987",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-20T21:39:43.502797Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-20T21:39:46.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3399191"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Revive Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "unaffected",
                  "version": "6.0.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.2",
                  "status": "affected",
                  "version": "5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.3",
                  "status": "unaffected",
                  "version": "5.5.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:11:36.436Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3399191"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2025-48987",
        "datePublished": "2025-11-20T19:11:36.436Z",
        "dateReserved": "2025-05-29T15:00:04.775Z",
        "dateUpdated": "2025-11-20T21:39:46.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48986 (GCVE-0-2025-48986)

    Vulnerability from nvd – Published: 2025-11-20 19:11 – Updated: 2025-11-20 21:38
    Summary
    Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a logged in attacker to change other users' email address and potentially take over their accounts using the forgot password functionality.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Impacted products
    Vendor Product Version
    Revive Revive Adserver Affected: 5 , ≤ 5.5.2 (semver)
    Unaffected: 5.5.3 , ≤ 5.5.3 (semver)
    Unaffected: 6.0.2 , ≤ 6.0.2 (semver)
    Affected: 6 , ≤ 6.0.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48986",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-20T21:38:45.725279Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-20T21:38:49.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3398283"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Revive Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "5.5.2",
                  "status": "affected",
                  "version": "5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.3",
                  "status": "unaffected",
                  "version": "5.5.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "unaffected",
                  "version": "6.0.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users\u0027 email address and potentialy take over their accounts using the forgot password functionality."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:11:36.449Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3398283"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2025-48986",
        "datePublished": "2025-11-20T19:11:36.449Z",
        "dateReserved": "2025-05-29T15:00:04.775Z",
        "dateUpdated": "2025-11-20T21:38:49.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50745 (GCVE-0-2026-50745)

    Vulnerability from cvelistv5 – Published: 2026-06-26 01:11 – Updated: 2026-06-26 12:29
    Summary
    A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input to be reflected without escaping.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (XSS) - Reflected
    Impacted products
    Vendor Product Version
    Revive Adserver Affected: 0 , ≤ 6.0.7 (semver)
    Credits
    Mahmoud Khaled (Kanon4)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50745",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T12:29:06.205421Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T12:29:14.728Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mahmoud Khaled (Kanon4)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user\u2011supplied input to be reflected without escaping."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS) - Reflected",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T01:11:14.310Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3793243"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-50745",
        "datePublished": "2026-06-26T01:11:14.310Z",
        "dateReserved": "2026-06-06T15:00:09.780Z",
        "dateUpdated": "2026-06-26T12:29:14.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50740 (GCVE-0-2026-50740)

    Vulnerability from cvelistv5 – Published: 2026-06-26 01:11 – Updated: 2026-06-26 01:11
    Summary
    A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks.
    CWE
    • CWE-79 - Cross-site Scripting (XSS) - Reflected
    Impacted products
    Vendor Product Version
    Revive Adserver Affected: 0 , ≤ 6.0.7 (semver)
    Credits
    Mahmoud Khaled (Kanon4)

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mahmoud Khaled (Kanon4)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low\u2011privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS) - Reflected",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T01:11:14.295Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3780806"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-50740",
        "datePublished": "2026-06-26T01:11:14.295Z",
        "dateReserved": "2026-06-06T15:00:09.779Z",
        "dateUpdated": "2026-06-26T01:11:14.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50742 (GCVE-0-2026-50742)

    Vulnerability from cvelistv5 – Published: 2026-06-26 01:11 – Updated: 2026-06-26 12:25
    Summary
    A stored XSS vulnerability exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an administrator uses the affected maintenance tools is not entirely under the attacker's control.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (XSS) - Stored
    Impacted products
    Vendor Product Version
    Revive Adserver Affected: 0 , ≤ 6.0.7 (semver)
    Credits
    Althaf Shajahan (AnGrY)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50742",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T12:25:20.510870Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T12:25:33.119Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Althaf Shajahan (AnGrY)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stored XSS vulnerabilities exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an administrator uses the affected maintenance tools is not entirely under the attacker\u0027s control."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS) - Stored",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T01:11:14.243Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3781311"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-50742",
        "datePublished": "2026-06-26T01:11:14.243Z",
        "dateReserved": "2026-06-06T15:00:09.779Z",
        "dateUpdated": "2026-06-26T12:25:33.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50741 (GCVE-0-2026-50741)

    Vulnerability from cvelistv5 – Published: 2026-06-26 01:11 – Updated: 2026-06-26 12:27
    Summary
    Bypass of the fix for CVE-2026-34916. Variants of such vectors have also been reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as `type`, or by using the `ox.setChannelTargeting` XML-RPC API method.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    Revive Adserver Affected: 0 , ≤ 6.0.7 (semver)
    Credits
    Rio Darmawan (riodrwn) Mikhail Ilin (doomtech)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50741",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T12:27:34.466991Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T12:27:43.548Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rio Darmawan (riodrwn)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Mikhail Ilin (doomtech)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as `type`, or using the `ox.setChannelTargeting` XML-RPC API method."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T01:11:14.108Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3780854"
            },
            {
              "url": "https://hackerone.com/reports/3781492"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-50741",
        "datePublished": "2026-06-26T01:11:14.108Z",
        "dateReserved": "2026-06-06T15:00:09.779Z",
        "dateUpdated": "2026-06-26T12:27:43.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50739 (GCVE-0-2026-50739)

    Vulnerability from cvelistv5 – Published: 2026-06-26 01:11 – Updated: 2026-06-26 12:28
    Summary
    A bypass for CVE-2026-34913 exists because proper ownership validation had not been applied to the reverse operation of linking campaigns and trackers through the `tracker-campaigns.php` script in Revive Adserver 6.0.7 and earlier. As a result, a low-privileged user could link their trackers to campaigns owned by other managers on the same instance, leading to inconsistent ownership relationships.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control - Generic
    Impacted products
    Vendor Product Version
    Revive Adserver Affected: 0 , ≤ 6.0.7 (semver)
    Credits
    hakuopi, sy2no, garuthacktvist, aszh

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T12:28:20.731460Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T12:28:29.684Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "hakuopi"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "sy2no"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "garuthacktvist"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "aszh"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A bypass for CVE\u20112026\u201134913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the `tracker-campaigns.php` script in Revive Adserver 6.0.7 and earlier. As a result, a low\u2011privileged user could link their trackers to campaigns owned by other managers on the same instance, leading to inconsistent ownership relationships."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control - Generic",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T01:11:14.071Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3780709"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-50739",
        "datePublished": "2026-06-26T01:11:14.071Z",
        "dateReserved": "2026-06-06T15:00:09.779Z",
        "dateUpdated": "2026-06-26T12:28:29.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50744 (GCVE-0-2026-50744)

    Vulnerability from cvelistv5 – Published: 2026-06-26 01:11 – Updated: 2026-06-26 12:29
    Summary
    A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked session ID could be used to perform subsequent API calls without restrictions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control - Generic
    Impacted products
    Vendor Product Version
    Revive Adserver Affected: 0 , ≤ 6.0.7 (semver)
    Credits
    Kenji Subagja (garuthacktivist)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50744",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T12:29:37.917590Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T12:29:47.196Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kenji Subagja (garuthacktivist)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A bypass to the admin\u2011only restriction of the XML\u2011RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked session ID could be used to perform subsequent API calls without restrictions."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control - Generic",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T01:11:14.060Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3783738"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-50744",
        "datePublished": "2026-06-26T01:11:14.060Z",
        "dateReserved": "2026-06-06T15:00:09.779Z",
        "dateUpdated": "2026-06-26T12:29:47.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-53931 (GCVE-0-2023-53931)

    Vulnerability from cvelistv5 – Published: 2025-12-17 22:44 – Updated: 2026-04-07 14:07
    Title
    Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings
    Summary
    Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute arbitrary JavaScript when an admin views the page.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Date Public
    2023-05-02 00:00
    Credits
    Mirabbas Ağalarov

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-53931",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T14:47:32.626138Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T15:02:00.360Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.exploit-db.com/exploits/51401"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "revive-adserver",
              "vendor": "Revive-adserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.4.1"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:revive-adserver:adserver:5.4.1:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            },
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:revive-adserver:revive_adserver:5.0.5:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mirabbas A\u011falarov"
            }
          ],
          "datePublic": "2023-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute arbitrary JavaScript when an admin views the page."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T14:07:51.856Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-51401",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/51401"
            },
            {
              "name": "Official Product Homepage",
              "tags": [
                "product"
              ],
              "url": "https://www.revive-adserver.com/"
            },
            {
              "name": "VulnCheck Advisory: Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/revive-adserver-cross-site-scripting-via-banner-advanced-settings"
            }
          ],
          "title": "Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2023-53931",
        "datePublished": "2025-12-17T22:44:58.562Z",
        "dateReserved": "2025-12-16T19:22:09.996Z",
        "dateUpdated": "2026-04-07T14:07:51.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52668 (GCVE-0-2025-52668)

    Vulnerability from cvelistv5 – Published: 2025-11-20 19:11 – Updated: 2025-11-20 21:33
    Summary
    Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Impacted products
    Vendor Product Version
    Revive Revive Adserver Affected: 6 , ≤ 6.0.1 (semver)
    Affected: 5 , ≤ 5.5.2 (semver)
    Unaffected: 6.0.2 , ≤ 6.0.2 (semver)
    Unaffected: 5.5.3 , ≤ 5.5.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52668",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-20T21:33:07.535626Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-20T21:33:11.324Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3400506"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Revive Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.2",
                  "status": "affected",
                  "version": "5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "unaffected",
                  "version": "6.0.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.3",
                  "status": "unaffected",
                  "version": "5.5.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:11:36.482Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3400506"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2025-52668",
        "datePublished": "2025-11-20T19:11:36.482Z",
        "dateReserved": "2025-06-18T15:00:00.895Z",
        "dateUpdated": "2025-11-20T21:33:11.324Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48986 (GCVE-0-2025-48986)

    Vulnerability from cvelistv5 – Published: 2025-11-20 19:11 – Updated: 2025-11-20 21:38
    Summary
    Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows a logged-in attacker to change other users' email addresses and potentially take over their accounts using the forgot password functionality.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Impacted products
    Vendor Product Version
    Revive Revive Adserver Affected: 5 , ≤ 5.5.2 (semver)
    Unaffected: 5.5.3 , ≤ 5.5.3 (semver)
    Unaffected: 6.0.2 , ≤ 6.0.2 (semver)
    Affected: 6 , ≤ 6.0.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48986",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-20T21:38:45.725279Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-20T21:38:49.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3398283"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Revive Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "5.5.2",
                  "status": "affected",
                  "version": "5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.3",
                  "status": "unaffected",
                  "version": "5.5.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "unaffected",
                  "version": "6.0.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users\u0027 email address and potentialy take over their accounts using the forgot password functionality."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:11:36.449Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3398283"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2025-48986",
        "datePublished": "2025-11-20T19:11:36.449Z",
        "dateReserved": "2025-05-29T15:00:04.775Z",
        "dateUpdated": "2025-11-20T21:38:49.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48987 (GCVE-0-2025-48987)

    Vulnerability from cvelistv5 – Published: 2025-11-20 19:11 – Updated: 2025-11-20 21:39
    Summary
    Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Impacted products
    Vendor Product Version
    Revive Revive Adserver Affected: 6 , ≤ 6.0.1 (semver)
    Unaffected: 6.0.2 , ≤ 6.0.2 (semver)
    Affected: 5 , ≤ 5.5.2 (semver)
    Unaffected: 5.5.3 , ≤ 5.5.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48987",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-20T21:39:43.502797Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-20T21:39:46.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3399191"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Revive Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "unaffected",
                  "version": "6.0.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.2",
                  "status": "affected",
                  "version": "5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.3",
                  "status": "unaffected",
                  "version": "5.5.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:11:36.436Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3399191"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2025-48987",
        "datePublished": "2025-11-20T19:11:36.436Z",
        "dateReserved": "2025-05-29T15:00:04.775Z",
        "dateUpdated": "2025-11-20T21:39:46.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55123 (GCVE-0-2025-55123)

    Vulnerability from cvelistv5 – Published: 2025-11-20 19:10 – Updated: 2025-11-20 21:40
    VLAI
    Summary
    Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Revive Revive Adserver Affected: 6 , ≤ 6.0.1 (semver)
    Affected: 5 , ≤ 5.5.2 (semver)
    Unaffected: 6.0.2 , ≤ 6.0.2 (semver)
    Unaffected: 5.5.3 , ≤ 5.5.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55123",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-20T21:40:43.687422Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-20T21:40:47.974Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3404968"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Revive Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.2",
                  "status": "affected",
                  "version": "5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "unaffected",
                  "version": "6.0.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.3",
                  "status": "unaffected",
                  "version": "5.5.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:10:15.783Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3404968"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2025-55123",
        "datePublished": "2025-11-20T19:10:15.783Z",
        "dateReserved": "2025-08-07T15:00:05.575Z",
        "dateUpdated": "2025-11-20T21:40:47.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52671 (GCVE-0-2025-52671)

    Vulnerability from cvelistv5 – Published: 2025-11-20 19:10 – Updated: 2025-11-20 21:41
    VLAI
    Summary
    Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Revive Revive Adserver Affected: 6 , ≤ 6.0.1 (semver)
    Affected: 5 , ≤ 5.5.2 (semver)
    Unaffected: 6.0.2 , ≤ 6.0.2 (semver)
    Unaffected: 5.5.3 , ≤ 5.5.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52671",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-20T21:41:33.086687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-209",
                    "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-20T21:41:36.636Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3403450"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Revive Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.2",
                  "status": "affected",
                  "version": "5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "unaffected",
                  "version": "6.0.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.3",
                  "status": "unaffected",
                  "version": "5.5.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:10:15.756Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3403450"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2025-52671",
        "datePublished": "2025-11-20T19:10:15.756Z",
        "dateReserved": "2025-06-18T15:00:00.895Z",
        "dateUpdated": "2025-11-20T21:41:36.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52666 (GCVE-0-2025-52666)

    Vulnerability from cvelistv5 – Published: 2025-11-20 19:10 – Updated: 2025-11-20 21:42
    VLAI
    Summary
    Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-134 - Use of Externally-Controlled Format String
    Assigner
    References
    Impacted products
    Vendor Product Version
    Revive Revive Adserver Affected: 6.0.1 , ≤ 6.0.1 (semver)
    Affected: 5.5.2 , ≤ 5.5.2 (semver)
    Unaffected: 6.0.2 , ≤ 6.0.2 (semver)
    Unaffected: 5.5.3 , ≤ 5.5.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52666",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-20T21:42:31.010532Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-134",
                    "description": "CWE-134 Use of Externally-Controlled Format String",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-20T21:42:35.261Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3399218"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Revive Adserver",
              "vendor": "Revive",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.1",
                  "status": "affected",
                  "version": "6.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.2",
                  "status": "affected",
                  "version": "5.5.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "unaffected",
                  "version": "6.0.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.5.3",
                  "status": "unaffected",
                  "version": "5.5.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:10:15.725Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://hackerone.com/reports/3399218"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2025-52666",
        "datePublished": "2025-11-20T19:10:15.725Z",
        "dateReserved": "2025-06-18T15:00:00.895Z",
        "dateUpdated": "2025-11-20T21:42:35.261Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }