Popcorn Time is a multi-platform BitTorrent client. version 0.4.7 of Popcorn Time is vulnerable to a cross-site scripting vulnerability that originates in the setting page Movies API Server(s) fieldโs lack of data validation filtering for user-supplied data and output. An attacker could exploit the vulnerability to run operating system commands.