Stored XSS Vulnerability in Revive Adserver by Revive
CVE-2026-50742

4.4MEDIUM

Key Information:

Vendor: Revive
Status: Adserver
Vendor: CVE Published:; 26 June 2026

What is CVE-2026-50742?

A stored Cross-Site Scripting (XSS) vulnerability exists in the maintenance tools of Revive Adserver version 6.0.7. This issue arises when entity names are rendered without adequate escaping, particularly during inconsistency checks. Attackers could exploit this vulnerability to manipulate the affected maintenance tools, posing risks when administrators interact with them, as the execution of the XSS payload may not be entirely under the attacker's control.

Affected Version(s)

Adserver 0 <= 6.0.7

References

https://hackerone.com/reports/3781311

CVSS V3.0

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2026
Vulnerability Reserved
Jun 6, 2026

Credit

Althaf Shajahan (AnGrY)

CVE-2026-50742 Data

JSON