Description

Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others.

Remediation

References

CVE-2016-9457

Related Vulnerabilities

Squid Improper Input Validation Vulnerability (CVE-2019-12520)

Perl Improper Input Validation Vulnerability (CVE-2016-2381)

WordPress Plugin WordPress Meta Data and Taxonomies Filter (MDTF) PHP Object Injection (1.2.2)

MySQL CVE-2018-2786 Vulnerability (CVE-2018-2786)

WordPress Plugin Wordfence Security-Firewall & Malware Scan Multiple Vulnerabilities (5.2.3)

Severity

Medium

Classification

CVE-2016-9457 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities