← Retour aux CVEs
CVE-2016-9472
N/ADescription
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow and it is very unlikely that such an attack could be actually effective.
Details CVE
Score CVSS v3.1N/A
Publie3/28/2017
Derniere modification4/20/2025
Sourcenvd
Observations honeypot0
Produits affectes
revive-adserver:revive_adserver
Faiblesses (CWE)
CWE-79CWE-79
References
https://github.com/revive-adserver/revive-adserver/commit/14ff73f0(support@hackerone.com)
https://github.com/revive-adserver/revive-adserver/commit/fcf72c8a(support@hackerone.com)
https://hackerone.com/reports/170156(support@hackerone.com)
https://www.revive-adserver.com/security/revive-sa-2016-002/(support@hackerone.com)
https://github.com/revive-adserver/revive-adserver/commit/14ff73f0(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/revive-adserver/revive-adserver/commit/fcf72c8a(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/170156(af854a3a-2127-422b-91ae-364da2661108)
https://www.revive-adserver.com/security/revive-sa-2016-002/(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.