CVE-2026-59802 - PasswordPusher < 2.8.1 - Redirect-Based XSS via data URI in URL Push Payload
CVE ID :CVE-2026-59802 Published : July 8, 2026, 8:16 p.m. | 58 minutes ago Description :PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient validation in the valid_url function. Attackers can create malicious pushes containing data:text/html URIs...