Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
ReviveAdserver Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2016-9126 - Vulnerability Database
ReviveAdserver

ReviveAdserver Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2016-9126

Medium
Reference: CVE-2016-9126
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-9126
Title: ReviveAdserver Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to access the administrator account.