Description

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script.

Remediation

References

CVE-2016-9130

Related Vulnerabilities

WordPress Plugin SEO Redirection-301 Redirect Manager Cross-Site Scripting (7.3)

PHP Improper Input Validation Vulnerability (CVE-2015-4604)

Ruby Improper Authentication Vulnerability (CVE-2007-5770)

MySQL CVE-2023-21876 Vulnerability (CVE-2023-21876)

WordPress Plugin Ultimate WordPress Auction Multiple Vulnerabilities (4.0.5)

Severity

Medium

Classification

CVE-2016-9130 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities