CVE-2026-35466
MEDIUMStored XSS via unsanitized input from remote service
Title source: cnaDescription
XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services
References (2)
Core 2
Core References
Scores
CVSS v3
6.1
EPSS
0.0020
EPSS Percentile
10.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
CERT/CC/cveClient/cveInterface.js
< 1.0.24
cmu/cveclient
< 1.0.24
Published
Apr 02, 2026
Tracked Since
Apr 03, 2026