NuytsTech Security

CVE-2016-9130

by ·

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn’t properly escaped when displayed in the campaign-zone.php script.

Date published : 2017-03-27

https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83

Revive Adserver Security Advisory REVIVE-SA-2016-001

Tags: