Home

Description

XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services

PUBLISHED Reserved 2026-04-02 | Published 2026-04-02 | Updated 2026-04-03 | Assigner certcc

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status
unaffected

Any version before 1.0.24
affected

Credits

Jerry Gamblin (https://github.com/jgamblin) finder

References

github.com/CERTCC/cveClient/pull/37 (Patch PR)

github.com/CERTCC/cveClient (GitHub Repository)

cve.org (CVE-2026-35466)

nvd.nist.gov (CVE-2026-35466)

Download JSON