CVE-2016-9457

Name of the Vulnerable Software and Affected Versions Revive Adserver versions prior to 3.2.3

Description The issue affects the "www/admin/stats.php" endpoint, which is vulnerable to reflected XSS attacks. This is due to multiple parameters not being properly sanitised or escaped when displayed, including setPerPage, pageId, bannerid, period start, and period end.

Recommendations For versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "www/admin/stats.php" endpoint until the update is applied. Avoid using the vulnerable parameters in this endpoint until the issue is resolved.