Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the period_preset parameter.
period_preset