{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-50742", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2026-06-06T15:00:09.779Z", "datePublished": "2026-06-26T01:11:14.243Z", "dateUpdated": "2026-06-26T12:25:33.119Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "A stored XSS vulnerabilities exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an administrator uses the affected maintenance tools is not entirely under the attacker's control."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Revive", "product": "Adserver", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.0.7", "versionType": "semver"}]}], "references": [{"url": "https://hackerone.com/reports/3781311"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.4, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS) - Stored"}]}], "credits": [{"lang": "en", "value": "Althaf Shajahan (AnGrY)", "type": "finder"}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-06-26T01:11:14.243Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-26T12:25:20.510870Z", "id": "CVE-2026-50742", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-26T12:25:33.119Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-50742", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-26T12:25:20.510870Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-26T12:25:29.121Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Althaf Shajahan (AnGrY)"}], "metrics": [{"cvssV3_0": {"version": "3.0", "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "Revive", "product": "Adserver", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "6.0.7"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://hackerone.com/reports/3781311"}], "descriptions": [{"lang": "en", "value": "A stored XSS vulnerabilities exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an administrator uses the affected maintenance tools is not entirely under the attacker's control."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS) - Stored"}]}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-06-26T01:11:14.243Z"}}}, "cveMetadata": {"cveId": "CVE-2026-50742", "state": "PUBLISHED", "dateUpdated": "2026-06-26T12:25:33.119Z", "dateReserved": "2026-06-06T15:00:09.779Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2026-06-26T01:11:14.243Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}

{}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.0.7]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Adserver", "source": "cna", "vendor": "Revive"}, "product": "adserver", "vendor": "revive"}], "created": "2026-06-26T04:00:07.183933+00:00", "title": "Stored XSS in Revive AdServer Maintenance Tools", "updated": "2026-06-26T05:30:17.249486+00:00", "vendors": ["revive", "revive$PRODUCT$adserver"]}