98 matches found
EUVD-2026-24096
Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150...
CVE-2026-6755 Mitigation bypass in the DOM: postMessage component
Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...
CVE-2026-6755
Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...
CVE-2026-6755
Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...
KLA90991 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. A remote...
CVE-2026-2433
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener...
CVE-2026-2433 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener...
CVE-2026-2433
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener...
PT-2026-23847
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener...
CVE-2026-26861
CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Site Scripting XSS via window.postMessage. The handleCustomHtmlPreviewPostMessageEvent function in src/util/campaignRender/nativeDisplay.js performs insufficient origin validation using the includes method, which can be bypassed ...
CVE-2026-26862
CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...
Cross-site Scripting (XSS)
Overview clevertap-web-sdk is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handleCustomHtmlPreviewPostMessageEvent function due to insufficient origin validation using the includes method. An attacker can execute arbitrary scripts in the context of the...
EUVD-2026-9038
CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Site Scripting XSS via window.postMessage. The handleCustomHtmlPreviewPostMessageEvent function in src/util/campaignRender/nativeDisplay.js performs insufficient origin validation using the includes method, which can be bypassed ...
GHSA-J5MF-6RH3-RHGG CleverTap Web SDK is vulnerable to DOM-based XSS via handleCustomHtmlPreviewPostMessageEvent function
CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-site Scripting XSS via window.postMessage. The handleCustomHtmlPreviewPostMessageEvent function in src/util/campaignRender/nativeDisplay.js performs insufficient origin validation using the includes method, which can be bypassed ...
CleverTap Web SDK is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage
CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...
CleverTap Web SDK is vulnerable to DOM-based XSS via handleCustomHtmlPreviewPostMessageEvent function
CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-site Scripting XSS via window.postMessage. The handleCustomHtmlPreviewPostMessageEvent function in src/util/campaignRender/nativeDisplay.js performs insufficient origin validation using the includes method, which can be bypassed ...
PT-2026-22366
Name of the Vulnerable Software and Affected Versions CleverTap Web SDK versions 1.15.2 and earlier Description The CleverTap Web SDK is susceptible to a Cross-Site Scripting XSS issue through the window.postMessage functionality. The handleCustomHtmlPreviewPostMessageEvent function, located in...
PT-2026-22368
Name of the Vulnerable Software and Affected Versions CleverTap Web SDK versions 1.15.2 and earlier Description The CleverTap Web SDK is susceptible to a DOM-based Cross-Site Scripting XSS issue. This occurs due to insufficient origin validation within the Visual Builder module, specifically in t...
CVE-2026-26862
CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...
CVE-2026-26862
CVE-2026-26862 affects CleverTap Web SDK