CVE-2026-50742
Summary
| CVE | CVE-2026-50742 |
|---|---|
| State | PUBLISHED |
| Assigner | hackerone |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-26 02:16:53 UTC |
| Updated | 2026-06-29 20:20:29 UTC |
| Description | A stored XSS vulnerabilities exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an administrator uses the affected maintenance tools is not entirely under the attacker's control. |
Risk And Classification
Primary CVSS: v3.1 5.4 MEDIUM from [email protected]
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.001920000 probability, percentile 0.090840000 (date 2026-06-30)
Problem Types: CWE-79 | CWE-79 CWE-79 Cross-site Scripting (XSS) - Stored
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| 3.0 | [email protected] | Secondary | 4.4 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N |
| 3.0 | CNA | DECLARED | 4.4 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
LowUser Interaction
RequiredScope
ChangedConfidentiality
LowIntegrity
LowAvailability
NoneCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v3.0 Breakdown
Attack Vector
NetworkAttack Complexity
HighPrivileges Required
LowUser Interaction
RequiredScope
ChangedConfidentiality
LowIntegrity
LowAvailability
NoneCVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Revive-adserver | Revive Adserver | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| hackerone.com/reports/3781311 | [email protected] | hackerone.com | Issue Tracking, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Althaf Shajahan (AnGrY) (en)
There are currently no legacy QID mappings associated with this CVE.