CVE Catalog

CVE-2026-50742

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

A stored XSS vulnerability exists in the maintenance-acl-check.php and maintenance-banners-check.php tools of Revive Adserver 6.0.7. Entity names are displayed without proper escaping when inconsistencies are detected.

Risk Assessment

An attacker can inject a malicious script that executes in the administrator's browser when using the maintenance tools. This could lead to session theft, configuration changes, or data theft.

Recommendation

Immediately update Revive Adserver to the latest patched version. If updating is not possible, restrict access to the maintenance tools to trusted administrators only.

Original NVD description (English source)

A stored XSS vulnerabilities exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an administrator uses the affected maintenance tools is not entirely under the attacker's control.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS