Stored XSS Vulnerability in Audit Log for Affected Product by Vendor
CVE-2026-44960

Currently unrated

Key Information:

Vendor: Revive
Status: Adserver
Vendor: CVE Published:; 23 June 2026

What is CVE-2026-44960?

A stored XSS vulnerability exists in the audit log feature of the affected product, where an attacker can exploit the system by embedding malicious JavaScript in usernames. When an admin reviews the audit log for specific entries, the embedded script is executed due to improper output sanitization. This can lead to unauthorized actions performed through the browser, compromising security. The vendor has addressed this issue by implementing proper escaping to prevent such attacks.

Affected Version(s)

Adserver 0 <= 6.0.6

References

https://hackerone.com/reports/3680090

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2026
Vulnerability Reserved
May 8, 2026

Credit

barcrange (3l4)

CVE-2026-44960 Data

JSON

Revive

What is CVE-2026-44960?

Affected Version(s)

References

Timeline

Credit