Description

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script.

Remediation

References

CVE-2016-9130

Related Vulnerabilities

WordPress Plugin Simple File List Arbitrary File Download (3.2.7)

phpMyAdmin Other Vulnerability (CVE-2007-0204)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Multiple Cross-Site Scripting Vulnerabilities (2.9.51)

Oracle Application Server Other Vulnerability (CVE-2007-0285)

PHP Improper Input Validation Vulnerability (CVE-2007-5128)

Severity

Medium

Classification

CVE-2016-9130 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities