CVE-2026-35466

MEDIUM

Stored XSS via unsanitized input from remote service

Title source: cna

Description

XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services

References (2)

Scores

CVSS v3 6.1
EPSS 0.0003
EPSS Percentile 9.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
CERT/CC/cveClient/cveInterface.js < 1.0.24
Published Apr 02, 2026
Tracked Since Apr 03, 2026