CVE-2016-9454 - OpenCVE

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Revive-adserver	Revive Adserver

Configuration 1 [-]

cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/83964
https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83	Issue Tracking Patch Third Party Advisory
https://www.revive-adserver.com/security/revive-sa-2016-001/	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hackerone

Published: 2017-03-28T02:46:00

Updated: 2017-03-29T09:57:01

Reserved: 2016-11-19T00:00:00

Link: CVE-2016-9454

JSON object: View

NVD Information

Status : Modified

Published: 2017-03-28T02:59:00.590

Modified: 2017-03-30T01:59:01.440

Link: CVE-2016-9454

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "Revive Adserver All versions before 3.2.3", "vendor": "n/a", "versions": [{"status": "affected", "version": "Revive Adserver All versions before 3.2.3"}]}], "datePublic": "2017-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-03-29T09:57:01", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"name": "83964", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/83964"}, {"tags": ["x_refsource_MISC"], "url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2016-9454", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Revive Adserver All versions before 3.2.3", "version": {"version_data": [{"version_value": "Revive Adserver All versions before 3.2.3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)"}]}]}, "references": {"reference_data": [{"name": "83964", "refsource": "BID", "url": "http://www.securityfocus.com/bid/83964"}, {"name": "https://www.revive-adserver.com/security/revive-sa-2016-001/", "refsource": "MISC", "url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"}, {"name": "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83", "refsource": "MISC", "url": "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83"}]}}}}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2016-9454", "datePublished": "2017-03-28T02:46:00", "dateReserved": "2016-11-19T00:00:00", "dateUpdated": "2017-03-29T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "94F64F5A-ACD3-4AED-82BE-832D7B4801DA", "versionEndIncluding": "3.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages."}, {"lang": "es", "value": "Revive Adserver en versiones anteriores a 3.2.3 sufre de Persistent XSS. Existe un vector para ataques XSS persistentes a trav\u00e9s de la interfaz de usuario Revive Adserver, que requiere una cuenta de confianza (no admin). La imagen del banner URL para banners externos no se fug\u00f3 correctamente cuando se visualiz\u00f3 en la mayor\u00eda de las p\u00e1ginas relacionadas con banners."}], "id": "CVE-2016-9454", "lastModified": "2017-03-30T01:59:01.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-28T02:59:00.590", "references": [{"source": "support@hackerone.com", "url": "http://www.securityfocus.com/bid/83964"}, {"source": "support@hackerone.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83"}, {"source": "support@hackerone.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "support@hackerone.com", "type": "Secondary"}]}