Security Advisory

CVE-2026-21642

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-20 20:48:48

Last updated 2026-01-21 20:47:21

Assigner hackerone

State PUBLISHED

Description

HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the `banner-acl.php` and `channel-acl.php` scripts of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent to the browser and malicious scripts would be executed.

← Browse all CVEs View on cve.org ↗