{"id":"CVE-2016-9471","details":"Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver.","modified":"2026-04-10T03:54:16.094028Z","published":"2017-03-28T02:59:01.340Z","references":[{"type":"REPORT","url":"https://hackerone.com/reports/128181"},{"type":"FIX","url":"https://github.com/revive-adserver/revive-adserver/commit/05b1eceb"},{"type":"FIX","url":"https://www.revive-adserver.com/security/revive-sa-2016-002/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/revive-adserver/revive-adserver","events":[{"introduced":"0"},{"last_affected":"e8cdc928336aee189521a8bdc93f5c485a901d9c"},{"introduced":"0"},{"last_affected":"819d7e22daf19dcb38c21d5ff0788c7e00d1350d"},{"fixed":"05b1eceb"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.2.4"},{"introduced":"0"},{"last_affected":"4.0.0"}]}}],"versions":["v3.0.0","v3.0.1","v3.0.2","v3.0.3","v3.1.0","v3.1.0-beta","v3.2.0","v3.2.0-beta","v3.2.1","v3.2.1-rc1","v3.2.3","v3.2.4","v4.0.0","v4.0.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9471.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N"}]}