Описание
Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver.
Ссылки
- PatchThird Party Advisory
- Permissions Required
- PatchVendor Advisory
- PatchThird Party Advisory
- Permissions Required
- PatchVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
3.1 Low
CVSS3
2.1 Low
CVSS2
Дефекты
Связанные уязвимости
Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver.
EPSS
3.1 Low
CVSS3
2.1 Low
CVSS2