CVE-2016-9472

Опубликовано: 28 мар. 2017

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow and it is very unlikely that such an attack could be actually effective.

Ссылки

https://github.com/revive-adserver/revive-adserver/commit/14ff73f0
Permissions Required
Third Party Advisory
https://github.com/revive-adserver/revive-adserver/commit/fcf72c8a
Patch
Third Party Advisory
https://hackerone.com/reports/170156
Permissions Required
https://www.revive-adserver.com/security/revive-sa-2016-002/
Patch
Vendor Advisory
https://github.com/revive-adserver/revive-adserver/commit/14ff73f0
Permissions Required
Third Party Advisory
https://github.com/revive-adserver/revive-adserver/commit/fcf72c8a
Patch
Third Party Advisory
https://hackerone.com/reports/170156
Permissions Required
https://www.revive-adserver.com/security/revive-sa-2016-002/
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*

Версия до 3.2.4 (включая)

cpe:2.3:a:revive-adserver:revive_adserver:4.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00364

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-22wj-58v7-9wh8