Clevertap Clevertap Web Sdk — known CVE vulnerabilities
Every CVE whose affected-product data names Clevertap Clevertap Web Sdk, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2026-26861 — CVSS 8.3 (high): CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Site Scripting (XSS) via window.postMessage. The handleCustomHtmlPreview…
CVE-2026-26862 — CVSS 8.3 (high): CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage in the Visual…