Revive-adserver » Revive Adserver : Security Vulnerabilities, CVEs, Published In 2015 (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script.
Max CVSS
6.8
EPSS Score
0.24%
Published
2015-10-14
Updated
2018-10-09
The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token.
Max CVSS
6.8
EPSS Score
0.21%
Published
2015-10-14
Updated
2018-10-09
2 vulnerabilities found