CVE-2026-50742 — MEDIUM (4.4)

Vulnerability Description

A stored XSS vulnerabilities exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an administrator uses the affected maintenance tools is not entirely under the attacker's control.

CVSS Score

4.4

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Related Weaknesses (CWE)

CWE-79

References

https://hackerone.com/reports/3781311

FAQ

What is CVE-2026-50742?

CVE-2026-50742 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A stored XSS vulnerabilities exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without ...

How severe is CVE-2026-50742?

CVE-2026-50742 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-50742?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.