Reflected XSS Vulnerability in Revive Adserver by Revive
CVE-2016-9457

5.4MEDIUM

Key Information:

Vendor

Revive-adserver

Status
Revive Adserver All Versions Before 3.2.3
Vendor
CVE Published:
28 March 2017

What is CVE-2016-9457?

The Revive Adserver software prior to version 3.2.3 is susceptible to reflected cross-site scripting (XSS) attacks. Attackers can exploit this vulnerability by sending malicious requests to the www/admin/stats.php endpoint. Parameters such as setPerPage, pageId, bannerid, period_start, and period_end are not adequately sanitized or escaped, allowing attackers to inject and execute arbitrary scripts in users' browsers. This could lead to unauthorized access to sensitive information or hijacked sessions. It is crucial for users of affected versions to update their software to mitigate this security risk.

Affected Version(s)

Revive Adserver All before 3.2.3 Revive Adserver All versions before 3.2.3

References

https://github.com/revive-adserver/revive-adserver/commit...
x_refsource_MISC
http://www.securityfocus.com/bid/83964
vdb-entryx_refsource_BID
https://www.revive-adserver.com/security/revive-sa-2016-001/
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.