CVE-2026-50742

Published Jun 26, 2026

Last updated 5 days ago

Overview

Description
A stored XSS vulnerability exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an administrator uses the affected maintenance tools is not entirely under the attacker's control.
Source: support@hackerone.com
NVD status: Analyzed
Products: revive_adserver

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 3.0

Type: Secondary
Base score: 4.4
Impact score: 2.7
Exploitability score: 1.3
Vector string: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

support@hackerone.com: CWE-79
