PT-2017-9963 · Revive Adserver · Revive Adserver
Tengku Zahasman · Published 2017-03-28 · Updated 2019-10-09 · CVE-2016-9126
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Revive Adserver versions prior to 3.2.3
Description
The issue arises from improper escaping of usernames in the audit trail widget shown on the dashboard after login, which allows stored (persistent) XSS. An authenticated user with sufficient privileges to create other users could exploit this to gain access to the administrator account.
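To illustrate the class of bug described above, the following added example (not Revive Adserver's own code) models a dashboard audit trail widget with a hypothetical entry format: the vulnerable rendering writes the username into HTML as-is, the hardened rendering escapes every untrusted field at output, and a small check flags any tag the template itself did not emit. The sample entries are constructed.

```javascript
// Hypothetical model of a dashboard "audit trail" widget listing who created
// which user. Not Revive Adserver's code; it only illustrates the bug class in
// the advisory: a user-controlled username written into HTML without escaping.

// Constructed sample: the last entry's target username carries markup.
const SAMPLE_AUDIT = [
  { actor: "admin", action: "created user", target: "alice" },
  { actor: "alice", action: "created user", target: "bob" },
  { actor: "alice", action: "created user", target: "<script>alert(1)</script>" },
];

// Minimal escaping for HTML element content; every untrusted value placed in
// element text must pass through this (or the framework's equivalent).
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable form: usernames are concatenated into the markup verbatim, so a
// crafted name is stored once and executes for everyone who opens the dashboard.
function renderAuditTrailUnsafe(entries) {
  return "<ul>" + entries
    .map(e => `<li>${e.actor} ${e.action} ${e.target}</li>`)
    .join("") + "</ul>";
}

// Hardened form: every field is escaped at the point of output.
function renderAuditTrail(entries) {
  return "<ul>" + entries
    .map(e => `<li>${escapeHtml(e.actor)} ${escapeHtml(e.action)} ${escapeHtml(e.target)}</li>`)
    .join("") + "</ul>";
}

// Regression check for a test suite: the rendered widget may contain only the
// tags the template itself emits; anything else came from user data.
function hasForeignTags(html, allowed = ["ul", "li"]) {
  const tags = [...html.matchAll(/<\/?([a-zA-Z][\w-]*)/g)].map(m => m[1].toLowerCase());
  return tags.some(t => !allowed.includes(t));
}
```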
Recommendations
For versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the audit trail widget in the dashboard until the update is applied. Additionally, limit the ability to create new users to trusted individuals to reduce the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Revive Adserver