CVE-2016-9472
Last modified
CVE-2016-9472 is a vulnerability of currently unknown severity. Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. EPSS estimates a 1.64% chance of exploitation in the next 30 days.
Description
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow and it is very unlikely that such an attack could be actually effective.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Revive-Adserver | Revive Adserver | <= 3.2.4 |
| Revive-Adserver | Revive Adserver | 4.0.0 |
References
- https://github.com/revive-adserver/revive-adserver/commit/14ff73f0Permissions Required, Third Party Advisory
- https://github.com/revive-adserver/revive-adserver/commit/fcf72c8aPatch, Third Party Advisory
- https://hackerone.com/reports/170156Permissions Required
- https://www.revive-adserver.com/security/revive-sa-2016-002/Patch, Vendor Advisory
- https://github.com/revive-adserver/revive-adserver/commit/14ff73f0Permissions Required, Third Party Advisory
- https://github.com/revive-adserver/revive-adserver/commit/fcf72c8aPatch, Third Party Advisory
- https://hackerone.com/reports/170156Permissions Required
- https://www.revive-adserver.com/security/revive-sa-2016-002/Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-9472?
How severe is CVE-2016-9472?
How do I fix CVE-2016-9472?
Are you affected by CVE-2016-9472?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST