Revive-adserver » Revive Adserver : Security Vulnerabilities, CVEs, Published In 2017 (CSRF) CVSS score >= 5
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed.
Max CVSS
8.8
EPSS Score
0.15%
Published
2017-03-28
Updated
2017-03-30
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`.
Max CVSS
8.8
EPSS Score
0.14%
Published
2017-03-28
Updated
2017-03-30
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed.
Max CVSS
8.8
EPSS Score
0.15%
Published
2017-03-28
Updated
2019-10-09
3 vulnerabilities found