7 matches found
CVE-2026-21663
HackerOne community member Patrick Lang 7yr has reported a reflected XSS vulnerability in the banner-acl.php script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent to the browser a...
CVE-2026-21642
HackerOne community member Patrick Lang 7yr has reported a reflected XSS vulnerability in the banner-acl.php and channel-acl.php scripts of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is...
CVE-2026-21642
HackerOne community member Patrick Lang 7yr has reported a reflected XSS vulnerability in the banner-acl.php and channel-acl.php scripts of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is...
CVE-2026-21663
HackerOne community member Patrick Lang 7yr has reported a reflected XSS vulnerability in the banner-acl.php script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent to the browser a...
CVE-2026-21663
CVE-2026-21663 is a reflected XSS vulnerability in Revive Adserver’s banner-acl.php script. An attacker can craft a URL with an HTML payload in a parameter (e.g., cap) that, when visited by a logged-in administrator, causes the payload to execute in the administrator’s browser. Multiple sources (...
PT-2026-3660
HackerOne community member Patrick Lang 7yr has reported a reflected XSS vulnerability in the banner-acl.php script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent to the browser a...
Revive Adserver: Reflected XSS in banner-acl.php and channel-acl.php via executionorder
Vulnerability description not provided...