← back
CVE-2026-50745

CVE-2026-50745

CVSS 4.7 MEDIUMEPSS 0.2%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.7EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 Jun 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input to be reflected without escaping.
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
Revive · Adserver