Vulnerability identifier: #VU39352

Vulnerability risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-9472

CWE-ID: CWE-79

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Revive Adserver
Web applications / Other software

Vendor: OpenX Source

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow and it is very unlikely that such an attack could be actually effective.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Revive Adserver: 4.0.0

---

External links
http://github.com/revive-adserver/revive-adserver/commit/14ff73f0
http://github.com/revive-adserver/revive-adserver/commit/fcf72c8a
http://hackerone.com/reports/170156
http://www.revive-adserver.com/security/revive-sa-2016-002/

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.