MEDIUM
PasswordPusher
CVE published 2026-07-08
CVE-2026-59802
CVE-2026-59802 is a MEDIUM severity vulnerability in PasswordPusher before 2.8.1. The vulnerability is caused by insufficient validation in the valid_url function, which accepts data URI schemes in URL push payloads. This allows attackers to create malicious pushes containing data:text/html URIs that execute arbitrary JavaScript in victims' browsers when clicked, enabling phishing and credential theft und [truncated]