CVE-2026-50745

MEDIUM 4.7

CVSS Score

4.7

EPSS Score

0.0%

EPSS Percentile

0th

A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input to be reflected without escaping.

CWE	CWE-79
Vendor	revive
Product	adserver
Published	Jun 26, 2026

Stay Ahead of the Next One

Get instant alerts for revive adserver

Be the first to know when new medium vulnerabilities affecting revive adserver are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Versions

Revive / Adserver

0 ≤ 6.0.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

hackerone.com: https://hackerone.com/reports/3793243

Credits

Mahmoud Khaled (Kanon4)