All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-50742
MEDIUMpublished 2026-06-26 02:16 UTC · 3 days ago · modified 2026-06-26 16:11 UTC
4.4
CVSS / 10
// description
A stored XSS vulnerabilities exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an administrator uses the affected maintenance tools is not entirely under the attacker's control.
// cvss 3.0 vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
// weaknesses (CWE)
- CWE-79