Revive-adserver » Revive Adserver : Security Vulnerabilities, CVEs, Published In October 2015 (Bypass)
The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.75%
Published
2015-10-14
Updated
2018-10-09
Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked.
Max CVSS
7.5
EPSS Score
0.75%
Published
2015-10-14
Updated
2018-10-09
2 vulnerabilities found