Cross-Site Scripting Vulnerability in Revive Adserver by Revive Adserver
CVE-2017-5832

5.4MEDIUM

Key Information:

Vendor

Revive-adserver

Status
Revive Adserver
Vendor
CVE Published:
3 March 2017

What is CVE-2017-5832?

A cross-site scripting (XSS) vulnerability exists in Revive Adserver versions before 4.0.1, permitting remote authenticated users to inject arbitrary web scripts or HTML content through the user's email address. This flaw can potentially be exploited to manipulate content displayed to end users, posing risks to the integrity and security of web applications utilizing Revive Adserver.

References

http://www.openwall.com/lists/oss-security/2017/02/02/3
mailing-listx_refsource_MLIST
https://www.revive-adserver.com/security/revive-sa-2017-001/
x_refsource_CONFIRM
http://www.securityfocus.com/bid/95875
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.