Aggregated CVE and security vulnerability intelligence for all Revive Adserver products, including CVSS, EPSS, publication date and vulnerability intelligence data.
Common weakness patterns in the entries below are cross-site scripting (reflected and stored), missing authorization and ownership checks, SQL injection, session handling flaws and information disclosure. In production deployments these can lead to account takeover, exposure of user and system data, or loss of the admin console through a fatal error.
The vulnerability data comes mainly from public vulnerability disclosures and security advisories, and can be used to assess historical exposure and patch prioritization. Note that CVSS expresses severity, not likelihood, while EPSS is an estimated probability of exploitation in the next 30 days that is recomputed daily, so the EPSS figures shown are a snapshot as of the update date.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-50745 | A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input to be reflected without escaping. | [email protected] | 6.1 | 0.13% | 2026-06-25 | 2026-06-29 |
| CVE-2026-50744 | A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked session ID could be used to perform subsequent API calls without restrictions. | [email protected] | 4.3 | 0.18% | 2026-06-25 | 2026-06-29 |
| CVE-2026-50742 | A stored XSS vulnerability exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an administrator uses the affected maintenance tools is not entirely under the attacker's control. | [email protected] | 5.4 | 0.11% | 2026-06-25 | 2026-06-29 |
| CVE-2026-50741 | Bypass of the fix for CVE-2026-34916. Variants of such vectors have also been reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as `type`, or by using the `ox.setChannelTargeting` XML-RPC API method. | [email protected] | 8.8 | 0.33% | 2026-06-25 | 2026-06-29 |
| CVE-2026-50740 | A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks. | [email protected] | 5.4 | 0.15% | 2026-06-25 | 2026-06-29 |
| CVE-2026-50739 | A bypass for CVE-2026-34913 exists because proper ownership validation had not been applied to the reverse operation of linking campaigns and trackers through the `tracker-campaigns.php` script in Revive Adserver 6.0.7 and earlier. As a result, a low-privileged user could link their trackers to campaigns owned by other managers on the same instance, leading to inconsistent ownership relationships. | [email protected] | 4.3 | 0.17% | 2026-06-25 | 2026-06-29 |
| CVE-2023-53931 | Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute arbitrary JavaScript when an admin views the page. | [email protected] | 5.1 | 2.26% | 2025-12-17 | 2026-06-17 |
| CVE-2025-55124 | Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script. | [email protected] | 6.1 | 0.35% | 2025-11-20 | 2026-06-17 |
| CVE-2025-55123 | Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows manager accounts to craft XSS attacks against their own advertiser users. | [email protected] | 5.4 | 0.37% | 2025-11-20 | 2026-06-17 |
| CVE-2025-52671 | Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows non-admin users to acquire information about the software, PHP and database versions currently in use. | [email protected] | 4.3 | 0.29% | 2025-11-20 | 2026-06-17 |
| CVE-2025-52670 | Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows users on the system to delete banners owned by other accounts. | [email protected] | 6.5 | 0.27% | 2025-11-20 | 2026-06-17 |
| CVE-2025-52669 | Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other users on the system. | [email protected] | 4.3 | 0.25% | 2025-11-20 | 2026-06-17 |
| CVE-2025-52668 | Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack. | [email protected] | 5.4 | 0.43% | 2025-11-20 | 2026-06-17 |
| CVE-2025-52667 | Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user. | [email protected] | 5.4 | 0.30% | 2025-11-20 | 2026-06-17 |
| CVE-2025-52666 | Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows an administrator user to disable the admin user console by triggering a fatal PHP error. | [email protected] | 2.7 | 0.35% | 2025-11-20 | 2026-06-17 |
| CVE-2025-48987 | Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack. | [email protected] | 6.1 | 0.41% | 2025-11-20 | 2026-06-17 |
| CVE-2025-48986 | Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions allows a logged-in attacker to change other users' email addresses and potentially take over their accounts using the forgot password functionality. | [email protected] | 8.8 | 0.56% | 2025-11-20 | 2026-06-17 |
| CVE-2025-52664 | SQL injection in Revive Adserver 6.0.0 causes potential disruption or information access when specifically crafted payloads are sent by logged-in users. | [email protected] | 8.8 | 0.93% | 2025-10-30 | 2026-06-17 |
| CVE-2025-27208 | A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code in the context of the victim's browser. The session cookie cannot be accessed, but a number of other operations could be performed. The vulnerability is present in the admin-search.php file and can be exploited vi | [email protected] | 6.1 | 1.35% | 2025-10-30 | 2026-06-17 |
| CVE-2023-38040 | A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions. | [email protected] | 6.1 | 1.98% | 2023-09-17 | 2026-06-17 |
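As an added example, not part of this page or of the Revive Adserver project: a small Python triage script that parses rows in the table format used above and ranks them for patching. The thresholds (CVSS >= 7.0 treated as high severity, EPSS >= 1% treated as likely to be exploited) and the P1/P2/P3 tiers are assumptions of this example, not a published policy. The sample rows are copied from the table on this page with abbreviated summaries; the `published_since` helper is likewise this example's own.

```python
"""Parse a markdown CVE table (the format used on this page) and rank
entries for patching by combining CVSS (severity) with EPSS (likelihood).

Added example only. Thresholds and tier names are assumptions, not a
published policy. Sample rows below are copied from the page's table with
abbreviated summaries.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# One markdown table row: | CVE | summary | source | cvss | epss% | published | updated |
ROW_RE = re.compile(
    r"^\|\s*(?P<cve>CVE-\d{4}-\d{4,})\s*\|"      # CVE identifier
    r"(?P<summary>.*?)\|"                        # free-text summary (no '|' inside)
    r"\s*(?P<source>[^|]*?)\s*\|"                # reporting source
    r"\s*(?P<cvss>\d+(?:\.\d+)?)\s*\|"           # max CVSS base score
    r"\s*(?P<epss>\d+(?:\.\d+)?)%\s*\|"          # EPSS as a percentage
    r"\s*(?P<published>\d{4}-\d{2}-\d{2})\s*\|"  # ISO dates compare as strings
    r"\s*(?P<updated>\d{4}-\d{2}-\d{2})\s*\|$"
)

# Constructed sample: rows from this page's table, summaries abbreviated.
SAMPLE_TABLE = """\
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-50741 | Bypass of the fix for CVE-2026-34916 via `type` or ox.setChannelTargeting. | [email protected] | 8.8 | 0.33% | 2026-06-25 | 2026-06-29 |
| CVE-2026-50744 | ox.login leaks a session ID that is not invalidated on error. | [email protected] | 4.3 | 0.18% | 2026-06-25 | 2026-06-29 |
| CVE-2025-52664 | SQL injection reachable by logged-in users (6.0.0). | [email protected] | 8.8 | 0.93% | 2025-10-30 | 2026-06-17 |
| CVE-2025-48986 | Authorization bypass: change other users' email, account takeover. | [email protected] | 8.8 | 0.56% | 2025-11-20 | 2026-06-17 |
| CVE-2023-53931 | Reflected XSS in banner-advanced.php (prepend/append). | [email protected] | 5.1 | 2.26% | 2025-12-17 | 2026-06-17 |
| CVE-2025-27208 | Reflected XSS in admin-search.php (5.5.2). | [email protected] | 6.1 | 1.35% | 2025-10-30 | 2026-06-17 |
| CVE-2023-38040 | Reflected XSS in 5.4.1 and earlier. | [email protected] | 6.1 | 1.98% | 2023-09-17 | 2026-06-17 |
| CVE-2025-52666 | Format characters in settings trigger a fatal PHP error (admin only). | [email protected] | 2.7 | 0.35% | 2025-11-20 | 2026-06-17 |
"""

HIGH_CVSS = 7.0   # assumption: treat >= 7.0 as high severity
EPSS_ACT = 0.01   # assumption: treat >= 1 % as likely to be exploited soon


@dataclass(frozen=True)
class Entry:
    cve: str
    summary: str
    source: str
    cvss: float
    epss: float        # probability in [0, 1], converted from the table's percent
    published: str     # ISO date, string comparison == chronological order
    updated: str


def parse_table(text: str) -> list[Entry]:
    """Return one Entry per data row; header, separator and prose lines are skipped."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        m = ROW_RE.match(raw.strip())
        if not m:
            continue
        entries.append(Entry(
            cve=m["cve"], summary=m["summary"].strip(), source=m["source"],
            cvss=float(m["cvss"]), epss=float(m["epss"]) / 100.0,
            published=m["published"], updated=m["updated"],
        ))
    return entries


def tier(e: Entry) -> str:
    """P1: severe and likely exploited; P2: one of the two; P3: neither."""
    severe, likely = e.cvss >= HIGH_CVSS, e.epss >= EPSS_ACT
    if severe and likely:
        return "P1"
    if severe or likely:
        return "P2"
    return "P3"


def rank(entries: list[Entry]) -> list[Entry]:
    """Patch queue: by tier, then CVSS desc, then EPSS desc, then CVE id."""
    order = {"P1": 0, "P2": 1, "P3": 2}
    return sorted(entries, key=lambda e: (order[tier(e)], -e.cvss, -e.epss, e.cve))


def published_since(entries: list[Entry], iso_date: str) -> list[Entry]:
    """Entries published on or after iso_date, in table order (new since last review)."""
    return [e for e in entries if e.published >= iso_date]


if __name__ == "__main__":
    for e in rank(parse_table(SAMPLE_TABLE)):
        print(f"{tier(e)} {e.cve:<15} CVSS {e.cvss:<4} EPSS {e.epss:.2%}  {e.summary}")
```

On this page's own data the two metrics disagree: the three 8.8 entries (SQL injection, authorization bypass, fix bypass) all sit below 1% EPSS, while the older reflected XSS entries are the only ones above 1%, so a queue sorted by EPSS alone looks very different from one sorted by CVSS alone. Re-pull EPSS before acting on it, since the values shown here are tied to the update date.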