CVE-2026-50742
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
A stored XSS vulnerability exists in the maintenance-acl-check.php and maintenance-banners-check.php tools of Revive Adserver 6.0.7. Entity names are displayed without proper escaping when inconsistencies are detected.
Risk Assessment
An attacker can inject a malicious script that executes in the administrator's browser when using the maintenance tools. This could lead to session theft, configuration changes, or data theft.
Recommendation
Immediately update Revive Adserver to the latest patched version. If updating is not possible, restrict access to the maintenance tools to trusted administrators only.
Original NVD description (English source)
A stored XSS vulnerabilities exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an administrator uses the affected maintenance tools is not entirely under the attacker's control.

