{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T06:23:55.216","vulnerabilities":[{"cve":{"id":"CVE-2016-9130","sourceIdentifier":"support@hackerone.com","published":"2017-03-28T02:59:00.557","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script."},{"lang":"es","value":"Revive Adserver en versiones anteriores a 3.2.3 sufre de XSS persistente. Existe un vector para ataques XSS persistentes a través de la interfaz de usuario Revive Adserver, requiriendo una cuenta de confianza (no admin). El nombre del sitio web no se fugó correctamente cuando se muestra en el script campaign-zone.php."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*","versionEndIncluding":"3.2.2","matchCriteriaId":"94F64F5A-ACD3-4AED-82BE-832D7B4801DA"}]}]}],"references":[{"url":"https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83","source":"support@hackerone.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://www.revive-adserver.com/security/revive-sa-2016-001/","source":"support@hackerone.com","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://www.revive-adserver.com/security/revive-sa-2016-001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}