CVE-2022-25229
CVE-2022-25229 affects Popcorn Time 0.4.7. A Stored XSS vulnerability originates in the Settings page, in the Movies API Server(s) field, where lack of input validation allows injection of script. The issue is aggravated by nodeIntegration being turned on, which can permit the webpage to access N...