Description
A stored XSS can be exploited by using usernames as the attack vector. When an admin user views the audit log details for affected entries, any malicious JavaScript payload embedded in the username is executed because the output is not sanitised. Proper escaping has been added to the audit log details output.
Published: 2026-06-23
Score: 0 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stored cross‑site scripting flaw allows an attacker to embed malicious JavaScript into usernames. When an administrator opens the audit log entry that displays the username, the application renders the value without proper escaping, causing the injected script to run in the admin’s browser. This flaw provides client‑side code execution only within the context of those privileged sessions that view the affected audit log details.

Affected Systems

The vulnerability impacts the Revive Adserver platform. No specific product versions are mentioned, so any deployed instance of Revive Adserver that uses the audit log and accepts user‑provided usernames could be affected.

Risk and Exploitability

The flaw requires an attacker to insert malicious content into a username and for an administrator to view that log entry. The EPSS score is unavailable and the vulnerability is not listed in the CISA KEV catalog, so quantitative risk assessment is not possible. The risk is limited to scenarios where a malicious username can be created and where an admin subsequently accesses the audit log. The vendor has issued a fix that implements proper escaping for audit log output.

Generated by OpenCVE AI on June 24, 2026 at 01:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch that adds proper escaping to audit log details output.
  • Sanitize or validate username input on the server side to disallow unsafe characters.
  • Restrict audit log access to only those users who require it, and monitor for abuse of privileged audit‑log viewing.

Generated by OpenCVE AI on June 24, 2026 at 01:47 UTC.
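As an added illustration that is not Revive Adserver's own code (the product is PHP), the flawed and fixed rendering patterns described above sit side by side below, with a parser-based check that the fixed output contains only the template's own tags and a helper that flags already stored usernames for review (the server-side validation the recommended actions mention). The entry fields, function names and sample values are all constructed for this example.

```python
import html
from dataclasses import dataclass
from html.parser import HTMLParser

@dataclass
class AuditEntry:
    username: str    # stored, user-controlled value shown in the audit log
    action: str
    timestamp: str

# Constructed sample entries (not real Revive data): one benign, one whose
# username carries a quote to leave the attribute plus a tag of its own.
SAMPLE_ENTRIES = [
    AuditEntry("alice", "login", "2026-06-23 16:45:00"),
    AuditEntry('carol"><b>probe</b>', "update", "2026-06-23 17:00:00"),
]

def render_vulnerable(entry: AuditEntry) -> str:
    """The flawed pattern: the username lands in the details markup unescaped."""
    return (f'<tr data-user="{entry.username}"><td>{entry.timestamp}</td>'
            f'<td>{entry.username}</td><td>{entry.action}</td></tr>')

def render_fixed(entry: AuditEntry) -> str:
    """The fix: escape every untrusted field at output time. quote=True also
    turns ' and " into entities, so the attribute context stays intact."""
    def e(s: str) -> str:
        return html.escape(s, quote=True)
    return (f'<tr data-user="{e(entry.username)}"><td>{e(entry.timestamp)}</td>'
            f'<td>{e(entry.username)}</td><td>{e(entry.action)}</td></tr>')

class _TagCollector(HTMLParser):
    """Records every start tag and attribute the browser-side parser would see."""
    def __init__(self):
        super().__init__()
        self.tags, self.attrs = [], {}
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.update(attrs)

def renders_safely(row: str, entry: AuditEntry) -> bool:
    """True when the row holds only the template's tr/td tags and the username
    survives the round trip as plain data (HTMLParser unescapes attributes)."""
    p = _TagCollector()
    p.feed(row)
    return set(p.tags) <= {"tr", "td"} and p.attrs.get("data-user") == entry.username

def suspicious_usernames(entries) -> list:
    """Stored usernames carrying HTML metacharacters, listed for admin review."""
    return [x.username for x in entries if any(c in x.username for c in '<>"\'&')]
```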


Advisories

No advisories yet.

History

Wed, 24 Jun 2026 02:15:00 +0000

Type | Values Removed | Values Added
Title | | Stored Cross‑Site Scripting in Revive Adserver Audit Log via Username Field

Tue, 23 Jun 2026 22:15:00 +0000

Type | Values Removed | Values Added
Title | | Stored Cross‑Site Scripting in Revive Adserver Audit Log via Username Field

Tue, 23 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Revive; Revive adserver
Vendors & Products | | Revive; Revive adserver

Tue, 23 Jun 2026 18:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 23 Jun 2026 16:45:00 +0000

Type | Values Removed | Values Added
Description | | A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to the audit log details output.
Weaknesses | | CWE-79
References | | 
Metrics | | cvssV3_0: {'score': 0, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-06-23T17:46:02.076Z

Reserved: 2026-05-08T15:00:02.447Z

Link: CVE-2026-44960

Vulnrichment

Updated: 2026-06-23T17:45:53.576Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T02:00:05Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')