{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T20:08:33.579","vulnerabilities":[{"cve":{"id":"CVE-2026-21642","sourceIdentifier":"support@hackerone.com","published":"2026-01-20T21:16:06.310","lastModified":"2026-01-30T20:14:51.447","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the `banner-acl.php` and `channel-acl.php` scripts of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent to the browser and malicious scripts would be executed."},{"lang":"es","value":"El miembro de la comunidad de HackerOne Patrick Lang (7yr) ha reportado una vulnerabilidad de XSS reflejado en los scripts 'banner-acl.php' y 'channel-acl.php' de Revive Adserver. Un atacante puede crear una URL específica que incluye una carga útil HTML en un parámetro. Si un administrador con sesión iniciada visita la URL, el HTML se envía al navegador y se ejecutarían scripts maliciosos."}],"metrics":{"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aquaplatform:revive_adserver:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.4","matchCriteriaId":"FB1E6D97-42AD-4A1B-89B3-86356A4B5E59"}]}]}],"references":[{"url":"https://hackerone.com/reports/3470970","source":"support@hackerone.com","tags":["Third Party Advisory"]}]}}]}