CVE-2016-9472

{"id": "CVE-2016-9472", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2017-03-28T02:59:01.387", "references": [{"url": "https://github.com/revive-adserver/revive-adserver/commit/14ff73f0", "tags": ["Permissions Required", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://github.com/revive-adserver/revive-adserver/commit/fcf72c8a", "tags": ["Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://hackerone.com/reports/170156", "tags": ["Permissions Required"], "source": "support@hackerone.com"}, {"url": "https://www.revive-adserver.com/security/revive-sa-2016-002/", "tags": ["Patch", "Vendor Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narrow and it is very unlikely that such an attack could be actually effective."}, {"lang": "es", "value": "Revive Adserver en versiones anteriores a 3.2.5 y 4.0.0 sufren de XSS reflejado. Los scripts del instalador web de Revive Adserver eran vulnerables a un ataque XSS reflejado a trav\u00e9s de dbHost, dbUser y posiblemente otros par\u00e1metros. Debe tenerse en cuenta que la ventana para que tales vectores de ataque sean posibles es extremadamente estrecha y es muy improbable que tal ataque pueda ser efectivamente efectivo."}], "lastModified": "2019-10-09T23:20:30.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34AB418F-BAAC-4C3D-9565-14A5E4F48970", "versionEndIncluding": "3.2.4"}, {"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D6CDCD2-5AA9-4CBB-9AB7-3CD6D2A5F23E"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}