Description

Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others.

Remediation

References

CVE-2016-9457

Related Vulnerabilities

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0060)

WordPress Plugin HTML5 AV Manager for WordPress 'custom.php' Arbitrary File Upload (0.2.7)

WordPress Plugin WP Socializer-Simple & Easy Social Media Share Icons Cross-Site Scripting (2.4.2)

MySQL CVE-2020-14697 Vulnerability (CVE-2020-14697)

Drupal Core 9.0.x Cross-Site Scripting (9.0.0 - 9.0.14)

Severity

Medium

Classification

CVE-2016-9457 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities