Revive Adserver Program Statistics



32 total issues disclosed

$0 total paid publicly

Most disclosed (9 disclosures) — Cross-site Scripting (XSS) - Reflected



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| [revive-adserver] Reflected XSS in Banner Delivery Options via cap parameter | Cross-site Scripting (XSS) - Reflected | 7yr | Medium | 2026-01-14 |
| Reflected XSS in banner-acl.php and channel-acl.php via executionorder | Cross-site Scripting (XSS) - Reflected | 7yr | Medium | 2026-01-14 |
| Reflected XSS in afr.php | Cross-site Scripting (XSS) - Reflected | nigh7c0r3 | Medium | 2026-01-14 |
| Broken Access Control allows advertiser accounts to delete trackers they do not own | Improper Access Control - Generic | 0xjad | High | 2026-01-14 |
| INI Format string injection in Revive Adserver 6.0.4 settings | Use of Externally-Controlled Format String | pakcyberbot | Low | 2026-01-14 |
| Username Validation Bypass | Improper Authentication - Generic | kassem_s94 | Medium | 2025-11-26 |
| Unrestricted setPerPage allows huge result sets / resource exhaustion / mass log retrieval | Allocation of Resources Without Limits or Throttling | vidang04 | Medium | 2025-11-19 |
| Username normalization missing allows visually indistinguishable accounts (Whitespace-Based Impersonation) | Improper Neutralization of Whitespace | yoyomiski | Medium | 2025-11-19 |
| Stored-XSS in campaign name displayed in Banners modal | Cross-site Scripting (XSS) - Stored | vidang04 | Medium | 2025-11-19 |
| Stored-XSS in Banner Name field | Cross-site Scripting (XSS) - Stored | yoyomiski | Low | 2025-11-19 |
| Reflected XSS in /admin/banner-zone.php (v6.0.0+) | Cross-site Scripting (XSS) - Reflected | vidang04 | Medium | 2025-11-19 |
| Information Disclosure via Verbose Error Messages | Information Exposure Through an Error Message | yoyomiski | Medium | 2025-11-19 |
| IDOR Vulnerability in Banner Deletion | Insecure Direct Object Reference (IDOR) | cyberjoker | High | 2025-11-19 |
| Information Disclosure via “Add user” lookup in Account Management (User Access) | Exposure of Sensitive Information Due to Incompatible Policies | yoyomiski | Medium | 2025-11-19 |
| Stored XSS in Conversion Statistics via Tracker Name | Cross-site Scripting (XSS) - Stored | cyberjoker | High | 2025-11-19 |
| Stored XSS on inventory-retrieve.php | Cross-site Scripting (XSS) - Stored | lu3ky-13 | Low | 2025-11-19 |
| Improper sanitisation of input in the settings could cause DoS | Business Logic Errors | lu3ky-13 | Low | 2025-11-19 |
| Reflected XSS in account-preferences-plugin.php | Cross-site Scripting (XSS) - Reflected | lu3ky-13 | Medium | 2025-11-19 |
| Authorization bypass allows changing email address of other users | Improper Access Control - Generic | yoyomiski | High | 2025-11-19 |
| Error-Based & Time-Based SQL Injection in 'keyword' Parameter of admin-search.php Allowing Full Database Access in Revive Adserver v6.0.0 | SQL Injection | kanon4 | High | 2025-10-24 |
| Reflected Cross-Site Scripting (XSS) in Revive Adserver 5.5.2 | Cross-site Scripting (XSS) - Reflected | env_bak | Medium | 2025-10-22 |
| Login page password-guessing attack | Violation of Secure Design Principles | karan | No rating | 2024-04-19 |
| Multiple cross-site scripting (XSS) vulnerabilities in Revive Adserver | Cross-site Scripting (XSS) - Generic | l4stb1t | Low | 2023-09-13 |
| Use of a Broken or Risky Cryptographic Algorithm | Use of a Broken or Risky Cryptographic Algorithm | 418sec | Medium | 2021-09-15 |
| Reflected XSS on /admin/stats.php | Cross-site Scripting (XSS) - Reflected | solov9ev | Medium | 2021-06-03 |
| Reflected XSS on /admin/stats.php | Cross-site Scripting (XSS) - Reflected | solov9ev | Medium | 2021-03-16 |
| Reflected XSS on /admin/campaign-zone-zones.php | Cross-site Scripting (XSS) - Reflected | solov9ev | Medium | 2021-03-16 |
| bypass old password with array in /admin/account-user-email.php | Array Index Underflow | hoangn1441 | Low | 2020-03-12 |
| Reflected XSS in Step 2 of the Installation | Cross-site Scripting (XSS) - Generic | pavanw3b | No rating | 2017-08-02 |
| Stored XSS on Admin Access Page - Email field | Cross-site Scripting (XSS) - Generic | pavanw3b | High | 2017-08-02 |
| Reflected XSS on Zones > Invocation Code | Cross-site Scripting (XSS) - Generic | pavanw3b | Low | 2017-08-02 |
| Weak Forgot Password implementation | Improper Authentication - Generic | pavanw3b | Low | 2017-08-02 |