CVE-2026-50740

MEDIUM
6.1
CVSS 3.0
Description
Revive Adserver 6.0.7 and earlier does not sanitise user input in the zone-include.php script. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks.

Metadata

CVE ID
CVE-2026-50740
State
PUBLISHED
Assigner
hackerone
Reserved
2026-06-06 15:00 UTC
Published
2026-06-26 01:11 UTC
Last updated
2026-06-26 01:11 UTC
Primary CWE
CWE-79
CWE-79 Cross-site Scripting (XSS) - Reflected
Vendor / Product
Revive / Adserver
Sources
cve.org  ·  NVD

Severity & Metrics

6.1 MEDIUM CVSS 3.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products (1)
Vendor | Product | Platform | Versions
Revive | Adserver | | 0 ≤ 6.0.7
Weakness (CWE)
CWE | Source | Description
CWE-79 | cna | CWE-79 Cross-site Scripting (XSS) - Reflected
CVSS scores (1)
Score | Severity | Version | Source | Vector
6.1 | MEDIUM | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N