CVE-2026-50745
4.7
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input to be reflected without escaping.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Revive | Adserver | 0 <= 6.0.7 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS) - Reflected
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.