CVE-2026-50742

MEDIUM

Revive Adserver < 6.0.7 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Title source: rule
STIX 2.1

Description

A stored XSS vulnerabilities exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an administrator uses the affected maintenance tools is not entirely under the attacker's control.

References (1)

Core 1

Scores

CVSS v3 5.4
EPSS 0.0020
EPSS Percentile 9.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
Revive/Adserver < 6.0.7
revive-adserver/revive_adserver < 6.0.8
Published Jun 26, 2026
Tracked Since Jun 26, 2026