0
CVE-2026-44961
- EPSS 0.3%
- Veröffentlicht 23.06.2026 16:14:38
- Zuletzt bearbeitet 25.06.2026 19:52:36
- Quelle support@hackerone.com
- CVE-Watchlists
- Unerledigt
The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper validation has been added where it was missing.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerRevive
≫
Produkt
Adserver
Default Statusunaffected
Version <=
6.0.6
Version
0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.218 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| support@hackerone.com | 0 | 3.9 | 0 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
https://hackerone.com/reports/3680090