Persistent XSS Vulnerability in Revive Adserver by Revive Adserver
CVE-2016-9130

5.4MEDIUM

Key Information:

Vendor: Revive-adserver
Status: Revive Adserver All Versions Before 3.2.3
Vendor: CVE Published:; 28 March 2017

🔔 Create Revive-adserver Vulnerability Alert

What is CVE-2016-9130?

Revive Adserver prior to version 3.2.3 contains a persistent cross-site scripting vulnerability that allows an attacker with a trusted user (non-admin) account to inject malicious scripts via the campaign-zone.php script. This occurs due to improper escaping of the website name when presented in the user interface, posing a risk for persistent exploitation within the advertising management platform.

Affected Version(s)

Revive Adserver All before 3.2.3 Revive Adserver All versions before 3.2.3

References

https://www.revive-adserver.com/security/revive-sa-2016-001/

x_refsource_MISC

https://github.com/revive-adserver/revive-adserver/commit...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2017
Vulnerability Reserved
Oct 31, 2016

JSON