CVE-2017-5833 is a cross-site scripting issue in Revive Adserver’s invocation code generation for interstitial zones. According to the NVD record, versions through 4.0.0 are affected, and the vendor advisory identifies a fix in 4.0.1. The flaw can let a remote attacker inject arbitrary web script or HTML through unspecified parameters, which can affect confidentiality and integrity in browser contexts whe [truncated]
CVE-2017-5832 is a cross-site scripting issue in Revive Adserver before 4.0.1. A remote authenticated user could inject arbitrary web script or HTML through the user's email address, creating a path for session abuse, UI manipulation, or other browser-side impact when the value is rendered back to users.
CVE-2017-5831 is a session fixation vulnerability in Revive Adserver’s forgot-password mechanism. In affected versions before 4.0.1, an attacker could abuse the session ID during password reset and potentially hijack the resulting web session.
CVE-2017-5830 is a critical remote code execution vulnerability in Revive Adserver affecting versions before 4.0.1. According to the supplied NVD record and vendor advisory references, the issue involves serialized data in cookies related to delivery scripts, which can allow remote attackers to execute arbitrary code. The vulnerability is rated 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), making it [truncated]
