Vulnerabilities in Revive
23 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2023-38040 | — | A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions. | 2.0% |
| CVE-2019-5440 | — | Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication b | 1.6% |
| CVE-2025-27208 | MEDIUM | A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user wi | 1.4% |
| CVE-2025-52664 | HIGH | SQL injection in Revive Adserver 6.0.0 causes potential disruption or information access when specifically crafted payloads are sent by logg | 1.0% |
| CVE-2025-48986 | HIGH | Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a logged-in attacker to change other users' email addre | 0.6% |
| CVE-2025-52668 | HIGH | Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential i | 0.4% |
| CVE-2025-48987 | MEDIUM | Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack. | 0.4% |
| CVE-2025-55123 | LOW | Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS att | 0.4% |
| CVE-2025-52666 | LOW | Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator | 0.4% |
| CVE-2025-55124 | MEDIUM | Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script. | 0.4% |
| CVE-2025-55128 | MEDIUM | HackerOne community member Dang Hung Vi (vidang04) has reported an uncontrolled resource consumption vulnerability in the “userlog-index.php | 0.3% |
| CVE-2025-52667 | LOW | Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possib | 0.3% |
| CVE-2025-52671 | MEDIUM | Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to a | 0.3% |
| CVE-2025-52670 | HIGH | Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by ot | 0.3% |
| CVE-2025-52669 | MEDIUM | Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to hav | 0.3% |
| CVE-2026-21641 | HIGH | HackerOne community member Jad Ghamloush (0xjad) has reported an authorization bypass vulnerability in the `tracker-delete.php` script of Re | 0.2% |
| CVE-2025-55129 | MEDIUM | HackerOne community member Kassem S. (kassem_s94) has reported that username handling in Revive Adserver was still vulnerable to impersonatio | 0.2% |
| CVE-2025-55127 | MEDIUM | HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new u | 0.2% |
| CVE-2026-21640 | LOW | HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific c | 0.2% |
| CVE-2025-55126 | MEDIUM | HackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of advert | 0.2% |