cvedb.io
CVE-2016-9126
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2017-03-28T02:59:00.417 · Last modified 2026-06-17T00:55:33.723

Summary

Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to access the administrator account.

Affected products

revive-adserver — revive_adserver

Does this affect you?

Add your gear to cvedb and we'll alert you only when revive-adserver ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.