Stored XSS Vulnerability in Userlog Details for Web Applications by Vendor
CVE-2026-44956

Currently unrated

Key Information:

Vendor: Revive
Status: Adserver
Vendor: CVE Published:; 23 June 2026

What is CVE-2026-44956?

A vulnerability exists that allows low-privileged users to exploit their Full Name as a vector for a stored Cross-Site Scripting (XSS) attack. This occurs when the user's name is included in system-generated emails, which are then stored in the userlog table. If an administrator views the email content via userlog-details.php, any embedded malicious JavaScript payload could execute due to a lack of output sanitisation. Proper escaping has now been implemented in the userlog details output to mitigate this risk.

Affected Version(s)

Adserver 0 <= 6.0.6

References

https://hackerone.com/reports/3669623

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2026
Vulnerability Reserved
May 8, 2026

Credit

barcrange (3l4)

CVE-2026-44956 Data

JSON

Revive

What is CVE-2026-44956?

Affected Version(s)

References

Timeline

Credit