Description

The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via unspecified vectors.

Remediation

References

CVE-2015-7369

Related Vulnerabilities

WordPress Plugin OnePress Social Locker Multiple Unspecified Vulnerabilities (4.2.5)

MySQL CVE-2022-21344 Vulnerability (CVE-2022-21344)

WordPress Plugin Crayon Syntax Highlighter Local File Disclosure (2.6.10)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.38)

WordPress Plugin Ninja Announcements Lite 'ninja_annc.php' SQL Injection (1.2.3)

Severity

High

Classification

CVE-2015-7369 CWE-284

Tags

Missing Update Known Vulnerabilities