QwikSec

Security Database

CVE

CWE

Training

CVE-2016-9126

Published: Mar 28, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to access the administrator account.

Vendor	Product	Versions
n/a	Revive Adserver All versions before 3.2.3	affected `Revive Adserver All versions before 3.2.3`

Weaknesses (CWE)

References

https://github.com/revive-adserver/revive-adserver/commit/8d8c6df309ff5fde9dd4770abcd4ec5d2449b3ec

x_refsource_MISC

https://www.revive-adserver.com/security/revive-sa-2016-001/

x_refsource_MISC

https://hackerone.com/reports/97073

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.