Lucene search
+L

4 matches found

EUVD
EUVD
added 2026/06/26 1:11 a.m.10 views

EUVD-2026-39604

A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks...

6.1CVSS6.3AI score0.00222EPSS
Exploits1References1
OSV
OSV
added 2026/06/26 1:11 a.m.4 views

CVE-2026-50740

A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks...

6.1CVSS6.4AI score0.00222EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52648

Name of the Vulnerable Software and Affected Versions Revive Adserver versions prior to 6.0.8 Description Insufficient sanitization of user input in the 'zone-include.php' script allows a low-privileged user to execute reflected Cross-Site Scripting XSS attacks. This occurs through the refresh...

6.1CVSS6.5AI score0.00222EPSS
Exploits1References11
WPVulnDB
WPVulnDB
added 2021/10/18 12:0 a.m.18 views

Helpful < 4.4.59 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the System Miscellaneous Custom Timezone setting of the plugin: " The...

4.8CVSS1AI score0.00733EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder