2 matches found
CVE-2026-26862
CVE-2026-26862 affects CleverTap Web SDK
CVE-2026-26861
CVE-2026-26861 affects the CleverTap Web SDK up to version 1.15.2. The issue is an XSS vulnerability via window.postMessage triggered by the function handleCustomHtmlPreviewPostMessageEvent in src/util/campaignRender/nativeDisplay.js, which performs insufficient origin validation using the JavaSc...