Description
Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.
Remediation
References
Related Vulnerabilities
WordPress Plugin PixCodes Cross-Site Scripting (2.3.6)
WordPress Plugin WP Symposium Pro Social Network Cross-Site Scripting (16.01)
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-7929)
WordPress Plugin BuddyBoss Wall Cross-Site Scripting (1.1.7)
WordPress Plugin Newsletters Multiple Vulnerabilities (4.6.14)