Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2017/02/02/3 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/95875 | |
https://www.revive-adserver.com/security/revive-sa-2017-001/ | Patch Vendor Advisory |
http://www.openwall.com/lists/oss-security/2017/02/02/3 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/95875 | |
https://www.revive-adserver.com/security/revive-sa-2017-001/ | Patch Vendor Advisory |
Configurations
History
21 Nov 2024, 03:28
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2017/02/02/3 - Mailing List, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/95875 - | |
References | () https://www.revive-adserver.com/security/revive-sa-2017-001/ - Patch, Vendor Advisory |
Information
Published : 2017-03-03 15:59
Updated : 2024-11-21 03:28
NVD link : CVE-2017-5833
Mitre link : CVE-2017-5833
CVE.ORG link : CVE-2017-5833
JSON object : View
Products Affected
revive-adserver
- revive_adserver
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')