CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9456
https://notcve.org/view.php?id=CVE-2016-9456
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed. Revive Adserver en versiones anteriores a 3.2.3 sufre de solicitud de falsificación en sitios cruzados (CSRF). El equipo Revive Adserver realizó una auditoría de seguridad de los scripts de interfaz de administración a fin de identificar y corregir otras vulnerabilidades potenciales de CSRF. • http://www.securityfocus.com/bid/83964 https://github.com/revive-adserver/revive-adserver/commit/e563ca61e4f3b7210cb61f53284adaa8aef4a49a https://www.revive-adserver.com/security/revive-sa-2016-001 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9471
https://notcve.org/view.php?id=CVE-2016-9471
Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver. Revive Adserver en versiones anteriores a 3.2.5 y 4.0.0 sufre de inyección de elemento especial. • https://github.com/revive-adserver/revive-adserver/commit/05b1eceb https://hackerone.com/reports/128181 https://www.revive-adserver.com/security/revive-sa-2016-002 • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9125
https://notcve.org/view.php?id=CVE-2016-9125
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session. Revive Adserver en versiones anteriores a 3.2.3 sufre fijación de la sesión, al permitir que los identificadores de sesión arbitrarios sean forzados, y al mismo tiempo, al no invalidar la sesión existente tras una autenticación satisfactoria. Bajo algunas circunstancias, que podrían haber sido una oportunidad para que un atacante robara una sesión autenticada. • https://github.com/revive-adserver/revive-adserver/commit/4910365631eabbb208961c36149f41cc8159fb39 https://hackerone.com/reports/93809 https://hackerone.com/reports/93813 https://www.revive-adserver.com/security/revive-sa-2016-001 • CWE-384: Session Fixation •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9457
https://notcve.org/view.php?id=CVE-2016-9457
Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others. Revive Adserver en versiones anteriores a 3.2.3 sufre de XSS reflejado. `www/admin/stats.php` es vulnerable a los ataques XSS reflejados a través de múltiples parámetros que no se desinfectan correctamente o se escapan cuando se muestran, como setPerPage, pageId, bannerid, period_start, period_end y posiblemente otros. • http://www.securityfocus.com/bid/83964 https://github.com/revive-adserver/revive-adserver/commit/ecbe822b48ef4ff61c2c6357c0c94199a81946f4 https://hackerone.com/reports/107879 https://www.revive-adserver.com/security/revive-sa-2016-001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9454
https://notcve.org/view.php?id=CVE-2016-9454
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages. Revive Adserver en versiones anteriores a 3.2.3 sufre de Persistent XSS. Existe un vector para ataques XSS persistentes a través de la interfaz de usuario Revive Adserver, que requiere una cuenta de confianza (no admin). • http://www.securityfocus.com/bid/83964 https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83 https://www.revive-adserver.com/security/revive-sa-2016-001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •