CVE-2024-51989 – Cross-site Scripting (XSS) Vulnerability in PasswordPusher

https://notcve.org/view.php?id=CVE-2024-51989

Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting (XSS) vulnerability was identified in the PasswordPusher application, affecting versions `v1.41.1` through and including `v.1.48.0`. The issue arises from an un-sanitized parameter which could allow attackers to inject malicious JavaScript into the application. Users who self-host and have the login system enabled are affected. Exploitation of this vulnerability could expose user data, access to user sessions or take unintended actions on behalf of users. • https://github.com/pglombardo/PasswordPusher/security/advisories/GHSA-5chg-cq29-gfqf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •