- Description
- Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver.
- Source
- support@hackerone.com
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 3.1
- Impact score
- 2.5
- Exploitability score
- 0.5
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N
- Severity
- LOW
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:N/AC:H/Au:S/C:N/I:P/A:N
- nvd@nist.gov
- NVD-CWE-Other
- support@hackerone.com
- CWE-75
- Hype score
- Not currently trending
- Comment
- <a href="http://cwe.mitre.org/data/definitions/75.html">CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)</a>
- Impact
- -
- Solution
- -
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34AB418F-BAAC-4C3D-9565-14A5E4F48970",
"versionEndIncluding": "3.2.4"
},
{
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:4.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D6CDCD2-5AA9-4CBB-9AB7-3CD6D2A5F23E"
}
],
"operator": "OR"
}
]
}
]