{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T10:44:56.967","vulnerabilities":[{"cve":{"id":"CVE-2016-9454","sourceIdentifier":"support@hackerone.com","published":"2017-03-28T02:59:00.590","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages."},{"lang":"es","value":"Revive Adserver en versiones anteriores a 3.2.3 sufre de Persistent XSS. Existe un vector para ataques XSS persistentes a través de la interfaz de usuario Revive Adserver, que requiere una cuenta de confianza (no admin). La imagen del banner URL para banners externos no se fugó correctamente cuando se visualizó en la mayoría de las páginas relacionadas con banners."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*","versionEndIncluding":"3.2.2","matchCriteriaId":"94F64F5A-ACD3-4AED-82BE-832D7B4801DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/83964","source":"support@hackerone.com"},{"url":"https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83","source":"support@hackerone.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://www.revive-adserver.com/security/revive-sa-2016-001/","source":"support@hackerone.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/83964","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/revive-adserver/revive-adserver/commit/f6880330a8e11e804663f132867e9eb9b1f94e83","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://www.revive-adserver.com/security/revive-sa-2016-001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}