CVE-2016-9472

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-9472

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9472.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-9472

Published

2017-03-28T02:59:01Z

Modified

2025-05-19T10:01:03.208558Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow and it is very unlikely that such an attack could be actually effective.

References

Affected packages

Git / github.com/revive-adserver/revive-adserver

Affected ranges

Type: GIT
Repo: https://github.com/revive-adserver/revive-adserver
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

14ff73f0

Fixed

14ff73f0

Fixed

fcf72c8a

Fixed

fcf72c8a

Affected versions

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.5

v3.0.6

v3.1.0

v3.1.0-beta

v3.2.0

v3.2.0-beta

v3.2.1

v3.2.1-rc1

v3.2.3

v4.*

v4.0.0-rc1