CVE-2016-9457

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-9457
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9457.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-9457
Published
2017-03-28T02:59:00.700Z
Modified
2026-04-10T03:54:15.359785Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Revive Adserver before 3.2.3 suffers from Reflected XSS. www/admin/stats.php is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, periodstart, periodend, and possibly others.

References

Affected packages

Git / github.com/revive-adserver/revive-adserver

Affected ranges

Type
GIT
Repo
https://github.com/revive-adserver/revive-adserver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e1fc268218ef914dc3c37d98b9721759f051f74f
Fixed
ecbe822b48ef4ff61c2c6357c0c94199a81946f4
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.2"
        }
    ]
}

Affected versions

v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.1.0
v3.1.0-beta
v3.2.0
v3.2.0-beta
v3.2.1
v3.2.1-rc1
v3.2.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9457.json"