CVE-2026-35466 PUBLISHED

Stored XSS via unsanitized input from remote service

Assigner: certcc
Reserved: 02.04.2026 Published: 02.04.2026 Updated: 03.04.2026

An XSS vulnerability in cveInterface.js allows injected HTML to be passed to the display, because cveInterface trusts input from CVE API services.

Product Status

Vendor CERT/CC
Product cveClient/cveInterface.js
Versions Default: unaffected
  • affected from 0 to 1.0.24 (excl.)

Credits

  • Jerry Gamblin (https://github.com/jgamblin), finder

References

Problem Types

  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')