Skip to main content

Revive Adserver EUVDEUVD-2026-38503

| CVE-2026-44960 NONE
Cross-site Scripting (XSS) (CWE-79)
2026-06-23 hackerone GHSA-x9c4-8c9x-8j5h

Severity by source

Vendor (hackerone) PRIMARY
0.0 NONE
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
vuln.today AI
8.7 HIGH

Low-privilege account needed to set malicious username (PR:L); admin must view audit log details (UI:R); payload executes in admin browser scope (S:C); session and integrity fully compromised (C:H/I:H); no availability impact.

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (hackerone).

CVSS VectorVendor: hackerone

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jun 23, 2026 - 17:08 vuln.today

DescriptionCVE.org

A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to the audit log details output.

AnalysisAI

Stored XSS in Revive Adserver allows arbitrary JavaScript execution in an administrator's browser by embedding payloads in usernames that are later rendered unsanitized in the audit log details view. The attack persists in the platform's audit trail and fires when any admin reviews the affected log entries - a routine administrative activity, not a rare or unusual trigger. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Register or control account with JS payload in username
Delivery
Perform platform actions generating audit log entries
Exploit
Await administrator review of audit log details
Execution
Payload executes in admin browser context
Impact
Exfiltrate admin session cookie or perform privileged administrative action

Vulnerability AssessmentAI

Exploitation Exploitation requires both conditions to be met simultaneously: the attacker must control a username within the Revive Adserver instance - either via self-registration if enabled, or via an existing authenticated low-privilege account - and an administrator must actively navigate to the audit log details view for log entries associated with that username. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk within Revive Adserver deployments is moderate to high despite the absence of a CVSS score and KEV listing. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a low-privilege account on the Revive Adserver instance sets their username to a JavaScript payload - for example, a cookie-exfiltration script targeting the admin session. The attacker then performs any platform action that generates an audit log entry attributed to their username. …
Remediation The vendor has addressed the vulnerability by adding proper HTML output escaping to the audit log details rendering path. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2023-26756 HIGH POC
7.5 Apr 14

The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. Rated high severity (CVSS 7.5), this vuln

CVE-2026-50741 HIGH
8.8 Jun 26

Remote code execution in Revive Adserver is reachable by authenticated low-privilege users who bypass the prior fix for

CVE-2026-44959 HIGH
8.8 Jun 23

Authenticated PHP code injection in Revive Adserver 6.0.6 and earlier allows a low-privileged user to smuggle an unexpec

CVE-2026-34914 HIGH
8.3 Jun 23

Blind SQL injection in Revive Adserver 6.0.6 and earlier allows authenticated low-privileged users to inject arbitrary S

CVE-2026-50745 MEDIUM
6.1 Jun 26

Reflected cross-site scripting in Revive Adserver's stats-video.php script allows remote attackers to inject arbitrary J

CVE-2026-34915 MEDIUM
6.1 Jun 23

Blind SQL injection in Revive Adserver 6.0.6 and earlier allows a low-privileged authenticated user to exfiltrate databa

CVE-2026-50740 MEDIUM
5.4 Jun 26

Reflected XSS in Revive Adserver 6.0.7 and earlier allows a low-privileged user to inject unsanitized JavaScript via the

CVE-2026-50742 MEDIUM
5.4 Jun 26

Stored cross-site scripting in Revive Adserver 6.0.7 allows an authenticated low-privilege attacker to inject persistent

CVE-2026-44958 MEDIUM
5.4 Jun 23

Privilege escalation within Revive Adserver 6.0.6 and earlier allows authenticated advertiser-level users to activate or

CVE-2026-34917 MEDIUM
4.3 Jun 23

Session context confusion in Revive Adserver allows a low-privileged web admin console user to reuse their session ID ag

CVE-2026-50744 MEDIUM
4.3 Jun 26

Session fixation via failed authentication in Revive Adserver 6.0.7's XML-RPC API allows a low-privileged attacker to by

CVE-2026-50739 MEDIUM
4.3 Jun 26

Ownership validation bypass in Revive Adserver 6.0.7 and earlier allows a low-privileged authenticated user to link thei

Share

EUVD-2026-38503 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy