CVE-2026-59802
PasswordPusher before 2.8.1 is vulnerable to Redirect-Based XSS due to insufficient validation in the valid_url function, allowing data:text/html URIs in URL push payloads that can execute JavaScript in victims’ browsers when clicked within the trusted domain. Affected versions: before 2.8.1. Roo...