CVE-2026-48966
7.1 HIGHUnauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions
Published: 2026-06-15 · Last updated: 2026-06-15
Severity and scoring
- CVSS
- 7.1 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
- CWE
- CWE-79
Description
Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-48157 — Slim is a PHP micro framework that enables users to write simple web applications and APIs (6.1 MEDIUM)
- CVE-2026-52702 — Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions (7.1 HIGH)
- CVE-2026-49773 — Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions (6.5 MEDIUM)
- CVE-2026-49055 — Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions (7.1 HIGH)
- CVE-2026-48885 — Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions (7.1 HIGH)