CVE-2026-50745

Published Jun 26, 2026

Last updated 5 days ago

Overview

Description
A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input to be reflected without escaping.
Source
support@hackerone.com
NVD status
Analyzed
Products
revive_adserver

Risk scores

CVSS 3.1

Type
Primary
Base score
6.1
Impact score
2.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

CVSS 3.0

Type
Secondary
Base score
4.7
Impact score
2.7
Exploitability score
1.6
Vector string
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

support@hackerone.com
CWE-79

Social media

Hype score
Not currently trending

Configurations

References

Sources include official advisories and independent security research.