CVE-2026-50742

Source
https://cve.org/CVERecord?id=CVE-2026-50742
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-50742.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-50742
Published
2026-06-26T01:11:14.243Z
Modified
2026-07-15T01:49:04.232019415Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A stored XSS vulnerabilities exists in the maintenance-acl-check.php and maintenance-banners-check.php tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an administrator uses the affected maintenance tools is not entirely under the attacker's control.

Database specific
{
    "cna_assigner": "hackerone",
    "cwe_ids": [
        "CWE-79"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "last_affected": "6.0.7"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/50xxx/CVE-2026-50742.json"
}
References

Affected packages

Git / github.com/revive-adserver/revive-adserver

Affected ranges

Type
GIT
Repo
https://github.com/revive-adserver/revive-adserver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.0.8"
        }
    ]
}

Affected versions

v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.1.0
v3.1.0-beta
v3.2.0
v3.2.0-beta
v3.2.1
v3.2.1-rc1
v4.*
v4.0.0
v4.0.0-rc1
v4.0.1
v4.0.2
v4.1.0
v4.1.0-rc1
v4.1.2
v4.1.3
v4.1.4
v4.2.0
v4.2.0-rc1
v4.2.1
v5.*
v5.0.0
v5.0.0-rc1
v5.0.1
v5.0.3
v5.0.4
v5.0.5
v5.1.0
v5.1.0-rc1
v5.1.1
v5.2.0
v5.2.1
v5.3.0
v5.3.0-rc1
v5.4.0
v5.4.0-rc1
v5.4.1
v6.*
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-50742.json"