CVE-2016-9457

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-9457

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9457.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-9457

Published

2017-03-28T02:59:00Z

Modified

2025-05-19T03:20:04.044083Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Revive Adserver before 3.2.3 suffers from Reflected XSS. www/admin/stats.php is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, periodstart, periodend, and possibly others.

References

Affected packages

Git / github.com/revive-adserver/revive-adserver

Affected ranges

Type: GIT
Repo: https://github.com/revive-adserver/revive-adserver
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ecbe822b48ef4ff61c2c6357c0c94199a81946f4

Fixed

ecbe822b48ef4ff61c2c6357c0c94199a81946f4

Affected versions

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.5

v3.0.6

v3.1.0

v3.1.0-beta

v3.2.0

v3.2.0-beta

v3.2.1

v3.2.1-rc1