1 results (0.002 seconds)

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting (XSS) vulnerability was identified in the PasswordPusher application, affecting versions `v1.41.1` through and including `v.1.48.0`. The issue arises from an un-sanitized parameter which could allow attackers to inject malicious JavaScript into the application. Users who self-host and have the login system enabled are affected. Exploitation of this vulnerability could expose user data, access to user sessions or take unintended actions on behalf of users. • https://github.com/pglombardo/PasswordPusher/security/advisories/GHSA-5chg-cq29-gfqf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •