Cross-Site Scripting Vulnerability in Revive Adserver by Revive Adserver
CVE-2017-5833

6.1MEDIUM

Key Information:

Vendor

Revive-adserver

Status
Revive Adserver
Vendor
CVE Published:
3 March 2017

What is CVE-2017-5833?

A Cross-Site Scripting (XSS) vulnerability exists in the invocation code generation for interstitial zones in Revive Adserver versions prior to 4.0.1. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML code through unspecified parameters, potentially compromising the security and integrity of the affected application and its users. Organizations utilizing this ad management software should review their systems and apply necessary patches to mitigate risks associated with this security flaw.

References

http://www.openwall.com/lists/oss-security/2017/02/02/3
mailing-listx_refsource_MLIST
https://www.revive-adserver.com/security/revive-sa-2017-001/
x_refsource_CONFIRM
http://www.securityfocus.com/bid/95875
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.