CVE-2016-9454

Name of the Vulnerable Software and Affected Versions Revive Adserver versions prior to 3.2.3

Description The issue allows for persistent XSS attacks through the user interface, requiring a trusted non-admin account. A vector exists due to the improper escaping of the banner image URL for external banners when displayed on most banner-related pages.

Recommendations For versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the banner image URL for external banners to minimize the risk of exploitation. Avoid using the banner image URL feature in the affected API endpoints until the issue is resolved.