Special Element Injection Vulnerability in Revive Adserver by Revive
CVE-2016-9471

3.1LOW

Key Information:

Vendor

Revive-adserver

Status
Revive Adserver All Versions Before 3.2.5 And 4.0.0
Vendor
CVE Published:
28 March 2017

What is CVE-2016-9471?

Revive Adserver prior to version 3.2.5 and 4.0.0 is susceptible to a Special Element Injection vulnerability where user inputs, specifically usernames, are not adequately sanitized during user creation. This oversight permits the presence of seemingly identical usernames due to the lack of filter on control characters, which are typically ignored in HTML display. Consequently, this could lead to user spoofing, although the exploit requires elevated privileges to create users in the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Revive Adserver All before 3.2.5 and 4.0.0 Revive Adserver All versions before 3.2.5 and 4.0.0

References

https://hackerone.com/reports/128181
x_refsource_MISC
https://github.com/revive-adserver/revive-adserver/commit...
x_refsource_MISC
https://www.revive-adserver.com/security/revive-sa-2016-002/
x_refsource_MISC

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.