CVE-2026-35466
Stored XSS via unsanitized input from remote service
XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
CERT/CC · cveClient/cveInterface.jsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →