Description
Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table. An admin user viewing the email content through userlog-details.php would have any malicious JavaScript payload executed due to missing output sanitisation. Proper escaping has been added to the userlog details output.
Published: 2026-06-23
Score: 0 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Low‑privileged users can embed malicious JavaScript into their Full Name, which is stored in the details field of system‑ content through userlog-details.php, the unsanitized script executes in the administrator’s browser, allowing the attacker to run arbitrary code in the context of an administrator session. This stored cross‑site scripting CWE‑79 and can lead to compromise of the administrator’s privileges and subsequent system‑wide impact if exploited. The affected component is the area that renders userlog details without proper output escaping.

Affected Systems

The vulnerability affects the Revive:Adserver product. No specific product versions are identified in the advisory, so any currently deployed instance impacted until the vendor implements the sanitization fix. Administrators should verify the presence of the patch in their installed vendor for an update.

Risk and Exploitability

No EPSS score is available and the vulnerability is not listed in CISA’s KEV catalog, indicating that no widespread exploitation has been publicly documented. However, the flaw carries a high potential impact: once a low‑privileged user injects a script into their Full Name, any administrator who opens the corresponding email log will trigger that script, giving the attacker the ability to execute code with administrator privileges. The lack of an available CVSS score does not diminish the severity implied by the description; the risk remains significant until the proper escaping is deployed.

Generated by OpenCVE AI on June 24, 2026 at 11:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Revive:Adserver to the latest version that includes the output escaping fix for userlog details
  • If an update is not yet available, restrict the ability of low‑privileged users to modify their Full Name field, or validate and sanitize the field on input to strip executable scripts
  • Limit or control administrator access to the userlog-details.php page, ensuring only trusted administrators can view untrusted log content

Generated by OpenCVE AI on June 24, 2026 at 11:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
History

Wed, 24 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Title Stored XSS via User Full Name Field in System-Generated Email Logs

Wed, 24 Jun 2026 08:30:00 +0000

Type Values Removed Values Added
Title Stored XSS via User Full Name Field in System-Generated Email Logs

Wed, 24 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Stored XSS through user full name in Revive:Adserver

Wed, 24 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Title Stored XSS through user full name in Revive:Adserver

Tue, 23 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Title Stored XSS via User Full Name in Admin Email Logs

Tue, 23 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Revive
Revive adserver
Vendors & Products Revive
Revive adserver

Tue, 23 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Title Stored XSS via User Full Name in Admin Email Logs

Tue, 23 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table. An admin user viewing the email content through userlog-details.php would have any malicious JavaScript payload executed due to missing output sanitisation. Proper escaping has been added to the userlog details output.
Weaknesses CWE-79
References
Metrics cvssV3_0

{'score': 0, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-06-23T17:25:34.164Z

Reserved: 2026-05-08T15:00:02.446Z

Link: CVE-2026-44956

cve-icon Vulnrichment

Updated: 2026-06-23T17:25:22.378Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T11:15:04Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')