PT-2017-10163 · Revive Adserver Team · Revive Adserver
Pavanw3B
·
Publicado
2017-03-28
·
Atualizado
2019-10-09
·
CVE-2016-9472
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Revive Adserver versions prior to 3.2.5
Revive Adserver versions prior to 4.0.0
Description
The issue concerns a reflected XSS attack. The Revive Adserver web installer scripts are vulnerable to this attack via parameters such as
dbHost and dbUser. The window for such attack vectors is extremely narrow, making it unlikely for an attack to be effective.Recommendations
For Revive Adserver versions prior to 3.2.5, update to version 3.2.5 or later.
For Revive Adserver versions prior to 4.0.0, update to version 4.0.0 or later.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Revive Adserver