Search Results (1 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-59802 2 Apnotic, Pwpush 2 Password Pusher, Password Pusher 2026-07-14 8.2 High
PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient validation in the valid_url function. Attackers can create malicious pushes containing data:text/html URIs that execute arbitrary JavaScript in victims' browsers when clicked, enabling phishing and credential theft under the trusted PasswordPusher domain.