PT-2017-10163 · Revive Adserver Team · Revive Adserver

Pavanw3B

Published

2017-03-28

Updated

2019-10-09

CVE-2016-9472

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Revive Adserver versions prior to 3.2.5 Revive Adserver versions prior to 4.0.0

Description The issue concerns a reflected XSS attack. The Revive Adserver web installer scripts are vulnerable to this attack via parameters such as dbHost and dbUser. The window for such attack vectors is extremely narrow, making it unlikely for an attack to be effective.

Recommendations For Revive Adserver versions prior to 3.2.5, update to version 3.2.5 or later. For Revive Adserver versions prior to 4.0.0, update to version 4.0.0 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2016-9472

Affected Products

Revive Adserver

PT-2017-10163 · Revive Adserver Team · Revive Adserver

CVE-2016-9472

Weakness Enumeration

Related Identifiers

Affected Products

References · 6