Computer Security
[EN] securityvulns.ru no-pyccku


CVECVE-2015-7365
StatusCandidate
DescriptionCross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of an uploaded file containing errors.
Severity
Medium
CVSS score4,3
CVSS vector(AV:N/AC:M/Au:N/C:N/I:P/A:N)
PhaseAssigned (25.09.2015)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7365
ReferencesBUGTRAQ : 20151007 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities
 FULLDISC : 20151008 [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities
 MISC : http://packetstormsecurity.com/files/133893/Revive...
 CONFIRM : http://www.revive-adserver.com/security/revive-sa-...
SecurityVulns:Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod