{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21663", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2026-01-02T15:00:02.870Z", "datePublished": "2026-01-20T20:48:47.974Z", "dateUpdated": "2026-01-21T20:42:21.072Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the banner-acl.php script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent to the browser and malicious scripts would be executed."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Revive", "product": "Revive Adserver", "versions": [{"version": "6", "status": "affected", "lessThanOrEqual": "6.0.4", "versionType": "semver"}]}], "references": [{"url": "https://hackerone.com/reports/3473696"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-01-20T20:48:47.974Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-21T20:41:47.623291Z", "id": "CVE-2026-21663", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-21T20:42:21.072Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21663", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-21T20:41:47.623291Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-21T20:42:10.635Z"}}], "cna": {"metrics": [{"cvssV3_0": {"version": "3.0", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "Revive", "product": "Revive Adserver", "versions": [{"status": "affected", "version": "6", "versionType": "semver", "lessThanOrEqual": "6.0.4"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://hackerone.com/reports/3473696"}], "descriptions": [{"lang": "en", "value": "HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the banner-acl.php script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent to the browser and malicious scripts would be executed."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-01-20T20:48:47.974Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21663", "state": "PUBLISHED", "dateUpdated": "2026-01-21T20:42:21.072Z", "dateReserved": "2026-01-02T15:00:02.870Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2026-01-20T20:48:47.974Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aquaplatform:revive_adserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AA08D1C-3638-4E0D-AC58-A8527E77536F", "versionEndIncluding": "6.0.4", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the banner-acl.php script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent to the browser and malicious scripts would be executed."}], "id": "CVE-2026-21663", "lastModified": "2026-02-03T21:05:31.143", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2026-01-20T21:16:06.443", "references": [{"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/3473696"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T19:03:14.773644+00:00", "value": {"mitigation_remediation": ["Apply the latest Revive Adserver release that contains the banner\u2011acl.php patch.", "Validate and sanitize all input parameters passed to banner\u2011acl.php and ensure any reflected data is properly HTML\u2011escaped before output.", "Deploy a Content Security Policy that blocks inline scripts and restricts script sources to trusted domains."], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Scripting (script execution for logged\u2011in administrators)"}, "threat_synthesis": {"affected_systems": "Any installation of Revive Adserver that has not been updated to include the vendor\u2019s fix for the banner\u2011acl.php script is affected. The advisory does not specify a version range, so all unpatched deployments are potentially vulnerable.", "description_and_impact": "The banner\u2011acl.php file of Revive Adserver contains a reflected cross\u2011site scripting vulnerability. By inserting a crafted URL that embeds HTML or JavaScript into a parameter, an attacker can cause the payload to be rendered when a logged\u2011in administrator opens the link. The resulting execution of malicious script compromises the administrator\u2019s session and can lead to credential theft, content defacement, or further lateral movement within the advertiser network.", "risk_and_exploitability": "The CVSS score of 6.1 indicates a moderate risk, while the EPSS score of less than 1% suggests a low immediate likelihood of exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog, implying there are no publicly documented exploits. Successful exploitation requires an authenticated administrator to click the crafted link, so an attacker would likely rely on social engineering or a compromised email to deliver the malicious URL. Despite the low exploitation probability, the impact on privileged accounts makes this a high priority to remediate."}}}}, "created": "2026-01-21T11:18:47.226057+00:00", "title": "Reflected XSS in Revive Adserver Banner ACL", "updated": "2026-04-18T19:15:10.600783+00:00", "vendors": ["revive", "revive$PRODUCT$adserver"]}