Cross-Site Scripting Vulnerability in Revive Adserver Plugin
CVE-2015-7365

Currently unrated

Key Information:

Vendor: Revive-adserver
Status: Revive Adserver
Vendor: CVE Published:; 14 October 2015

🔔 Create Revive-adserver Vulnerability Alert

What is CVE-2015-7365?

A Cross-Site Scripting (XSS) vulnerability exists in the plugin upgrade form of Revive Adserver prior to version 3.2.2. This flaw allows remote attackers to inject arbitrary web scripts or HTML through the filename of uploaded files that contain errors, posing serious security risks to users who interact with the application.

References

http://www.revive-adserver.com/security/revive-sa-2015-001

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/536633/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://seclists.org/fulldisclosure/2015/Oct/32

mailing-listx_refsource_FULLDISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2015
Vulnerability Reserved
Sep 25, 2015

CVE-2015-7365 Data

JSON