CVE-2016-9470 - AskarLabs CVE Database

CVE-2016-9470

Vendor N/A

Product Revive Adserver All versions before 3.2.5 and 4.0.0

Weakness CWE-79 · XSS

Published March 28, 2017

Last update August 6, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain.

Key dates

02Disclosure timeline

March 28, 2017 CVE published

August 6, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2016-9470 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2019-25316 GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting CVE-2024-51646 WordPress Saoshyant Element plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-4507 Admission AppManager <= 1.0.0 - Reflected Cross-Site Scripting CVE-2025-22762 WordPress Octrace Support Pro plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability CVE-2025-14555 Countdown Timer - Widget Countdown <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode