CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

84 matches found

RedhatCVE•added 2026/02/28 1:54 a.m.•2 views

CVE-2026-26861

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Site Scripting XSS via window.postMessage. The handleCustomHtmlPreviewPostMessageEvent function in src/util/campaignRender/nativeDisplay.js performs insufficient origin validation using the includes method, which can be bypassed ...

8.3CVSS5.9AI score0.00009EPSS

Exploits1References1

Github Security Blog•added 2026/02/27 6:31 p.m.•3 views

CleverTap Web SDK is vulnerable to DOM-based XSS via handleCustomHtmlPreviewPostMessageEvent function

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-site Scripting XSS via window.postMessage. The handleCustomHtmlPreviewPostMessageEvent function in src/util/campaignRender/nativeDisplay.js performs insufficient origin validation using the includes method, which can be bypassed ...

8.3CVSS5.9AI score0.00009EPSS

Exploits1References6Affected Software1

Github Security Blog•added 2026/02/27 6:31 p.m.•5 views

CleverTap Web SDK is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

8.3CVSS5.9AI score0.00021EPSS

Exploits1References7Affected Software1

EUVD•added 2026/02/27 6:31 p.m.•2 views

EUVD-2026-9039

8.3CVSS5.9AI score0.00021EPSS

Exploits1References4

OSV•added 2026/02/27 6:16 p.m.•2 views

CVE-2026-26861

8.3CVSS5.8AI score

Exploits0References3

NVD•added 2026/02/27 6:16 p.m.•2 views

CVE-2026-26861

8.3CVSS0.00009EPSS

Exploits1References3

CNNVD•added 2026/02/27 12:0 a.m.•4 views

CleverTap Web SDK 安全漏洞

The CleverTap Web SDK is an open-source developer toolkit developed by CleverTap. The CleverTap Web SDK versions 1.15.2 and earlier contain security vulnerabilities. These vulnerabilities stem from the insufficient source verification in the handleCustomHtmlPreviewPostMessageEvent function within...

8.3CVSS5.6AI score0.00009EPSS

Exploits1References3

ATTACKERKB•added 2026/02/27 12:0 a.m.•3 views

CVE-2026-26862

8.3CVSS5.9AI score0.00021EPSS

Exploits1References4

Cvelist•added 2026/02/27 12:0 a.m.•16 views

CVE-2026-26862

0.00021EPSS

Exploits1References3

CNNVD•added 2026/02/27 12:0 a.m.•4 views

CleverTap Web SDK 安全漏洞

The CleverTap Web SDK is an open-source developer toolkit developed by CleverTap. Versions of the CleverTap Web SDK prior to 1.15.2 contain security vulnerabilities. These vulnerabilities stem from the source validation in the Visual Builder module, where the includes method is used to check...

8.3CVSS5.6AI score0.00021EPSS

Exploits1References3

ATTACKERKB•added 2026/02/27 12:0 a.m.•3 views

CVE-2026-26861

8.3CVSS5.9AI score0.00009EPSS

Exploits1References4

CVE•added 2026/02/27 12:0 a.m.•4 views

CVE-2026-26861

CVE-2026-26861 affects the CleverTap Web SDK up to version 1.15.2. The issue is an XSS vulnerability via window.postMessage triggered by the function handleCustomHtmlPreviewPostMessageEvent in src/util/campaignRender/nativeDisplay.js, which performs insufficient origin validation using the JavaSc...

8.3CVSS5.9AI score0.00009EPSS

Exploits1References3Affected Software1