CVE-2026-50740

MEDIUM 6.1

CVSS Score

6.1

EPSS Score

0.0%

EPSS Percentile

0th

A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks.

CWE	CWE-79
Vendor	revive
Product	adserver
Published	Jun 26, 2026

Stay Ahead of the Next One

Get instant alerts for revive adserver

Be the first to know when new medium vulnerabilities affecting revive adserver are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Versions

Revive / Adserver

0 ≤ 6.0.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

hackerone.com: https://hackerone.com/reports/3780806

Credits

Mahmoud Khaled (Kanon4)