Vulnerability identifier: #VU39352
Vulnerability risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-79
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Revive Adserver
Web applications /
Other software
Vendor: OpenX Source
Description
The vulnerability allows a remote authenticated user to read and manipulate data.
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow and it is very unlikely that such an attack could be actually effective.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Revive Adserver: 4.0.0
External links
http://github.com/revive-adserver/revive-adserver/commit/14ff73f0
http://github.com/revive-adserver/revive-adserver/commit/fcf72c8a
http://hackerone.com/reports/170156
http://www.revive-adserver.com/security/revive-sa-2016-002/
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.