Lucene search
HackeroneCVELIST:CVE-2016-9127HistoryMar 28, 2017 - 2:46 a.m.
CVE-2016-9127
2017-03-2802:46:00
CWE-352
hackerone
www.cve.org
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed.
CNA Affected
[
{
"product": "Revive Adserver All versions before 3.2.3",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Revive Adserver All versions before 3.2.3"
}
]
}
]Related
prion
prion
Cross site request forgery (csrf)
2017-03-28 02:59:00
nvd
nvd
CVE-2016-9127
2017-03-28 02:59:00
osv
osv
CVE-2016-9127
2017-03-28 02:59:00
cve
cve
CVE-2016-9127
2017-03-28 02:59:00
openvas
openvas
Revive Adserver Multiple Vulnerabilities
2016-10-04 00:00:00