Description

The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors.

Remediation

References

CVE-2015-7369

Related Vulnerabilities

WordPress Plugin Google Maps by BestWebSoft Multiple Cross-Site Scripting Vulnerabilities (1.2.1)

MySQL CVE-2019-2620 Vulnerability (CVE-2019-2620)

WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)

OpenSSL Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2014-3509)

WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads PHP Code Injection (1.3)

Severity

High

Classification

CVE-2015-7369 CWE-284

Tags

Missing Update Known Vulnerabilities