CVE-2026-44956
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table. An admin user viewing the email content through userlog-details.php would have any malicious JavaScript payload executed due to missing output sanitisation. Proper escaping has been added to the userlog details output.
| CWE | CWE-79 |
| Vendor | revive |
| Product | adserver |
| Published | Jun 23, 2026 |
| Last Updated | Jun 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for revive adserver
Be the first to know when new unknown vulnerabilities affecting revive adserver are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N Affected Versions
Revive / Adserver
0 ≤ 6.0.6
Credits
🔍 barcrange (3l4)