Cmu: >> Cveclient Security Vulnerabilities
XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services
CVSS Score
6.1
EPSS Score
0.0
Published
2026-04-02
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-04-02