CVE-2016-9454

CVE-2016-9454

Vendor N/A
Product Revive Adserver All versions before 3.2.3
Weakness CWE-79 · XSS
Published March 28, 2017
Last update August 6, 2024

CVSS base score

What the vulnerability does

01Description

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages.

Key dates

02Disclosure timeline

March 28, 2017 CVE published
August 6, 2024 Record updated