Description

Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner.

Remediation

References

CVE-2015-7373

Related Vulnerabilities

WordPress 5.7.x Multiple Vulnerabilities (5.7 - 5.7.4)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.13)

WordPress Plugin AccessPress Custom CSS includes Backdoor [Only if downloaded via the vendor website] (2.0.1)

WordPress Plugin Coming Soon & Maintenance Mode Page PHP Object Injection (1.42)

WordPress Plugin CMS Tree Page View 'cms_tpv_view' Parameter Cross-Site Scripting (0.8.8)

Severity

Medium

Classification

CVE-2015-7373 CWE-707

Tags

Missing Update Known Vulnerabilities