CVE-2016-9126

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-9126

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9126.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-9126

Published

2017-03-28T02:59:00Z

Modified

2025-04-20T03:27:47.763140Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to access the administrator account.

References

Affected packages

Git / github.com/revive-adserver/revive-adserver

Affected ranges

Type: GIT
Repo: https://github.com/revive-adserver/revive-adserver
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8d8c6df309ff5fde9dd4770abcd4ec5d2449b3ec

Fixed

8d8c6df309ff5fde9dd4770abcd4ec5d2449b3ec

Affected versions

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.5

v3.0.6

v3.1.0

v3.1.0-beta

v3.2.0

v3.2.0-beta

v3.2.1

v3.2.1-rc1