Medium severity5.4NVD Advisory· Published Mar 28, 2017· Updated Jun 17, 2026
CVE-2016-9126
CVE-2016-9126
Description
Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to access the administrator account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*range: <=3.2.2
- (no CPE)range: <3.2.3
Patches
Vulnerability mechanics
References
3- github.com/revive-adserver/revive-adserver/commit/8d8c6df309ff5fde9dd4770abcd4ec5d2449b3ecnvdIssue TrackingPatchThird Party Advisory
- www.revive-adserver.com/security/revive-sa-2016-001/nvdPatchVendor Advisory
- hackerone.com/reports/97073nvdPermissions Required
News mentions
0No linked articles in our index yet.