CVE-2026-3471

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated crash the application via calling window.open'javascript:alert';. Mattermost Advisory ID: MMSA-2026-00...

CVE-2026-3471

Mattermost Desktop App shows a vulnerability in versions ≤6.1, 6.0.1, 5.4.13.0 where it does not sanitize an invalid URL in a pop‑up window, enabling a malicious server to repeatedly crash the application via window.open('javascript:alert()'). Root cause: improper handling of URLs in pop‑ups. Imp...

CVE-2026-44742

CVE-2026-44742 affects Postorius up to version 1.3.13. The issue is that the message subject is not HTML-escaped when rendered in the Held messages pop-up, enabling HTML-injection-like rendering as noted “exploited in the wild in May 2026.” The provided sources confirm the affected software and t...

CVE-2025-31266

A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name. This issue is fixed in Safari 18.5, macOS Sequoia 15.5. A website may be able to spoof the domain name in the title of a pop-up window...

EUVD-2010-0681

Malware in sbrugna...

EUVD-2009-2702

Malware in sbrugna...

EUVD-2006-1740

Malware in sbrugna...

EUVD-2024-46002

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-45404

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Through a series of popup and window.print calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in...

CVE-2024-52421

Cross-Site Request Forgery CSRF vulnerability in wp-buy WP Popup Window Maker easy-popup-lightbox-maker allows Stored XSS.This issue affects WP Popup Window Maker: from n/a through = 2.0...

CVE-2024-52421

Cross-Site Request Forgery CSRF vulnerability in wp-buy WP Popup Window Maker easy-popup-lightbox-maker allows Stored XSS.This issue affects WP Popup Window Maker: from n/a through = 2.0...

CVE-2024-52421 WordPress WP Popup Window Maker plugin <= 2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in wp-buy WP Popup Window Maker easy-popup-lightbox-maker allows Stored XSS.This issue affects WP Popup Window Maker: from n/a through = 2.0...

CVE-2024-52421

CVE-2024-52421 is a CSRF-enabled vulnerability in the WP Popup Window Maker WordPress plugin (

CVE-2024-52421 WordPress WP Popup Window Maker plugin <= 2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in wp-buy WP Popup Window Maker allows Stored XSS.This issue affects WP Popup Window Maker: from n/a through 2.0...

PT-2024-35261 · WordPress · Wp Popup Window Maker

Name of the Vulnerable Software and Affected Versions: WP Popup Window Maker versions n/a through 2.0 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in WP Popup Window Maker. Recommendations: For versions n/a through 2.0, update to a...

WordPress plugin WP Popup Window Maker 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox that originates from the ability to enumerate external protocol handlers via a pop-up window. No details of the vulnerability are currently available...

CVE-2023-51252

PublicCMS 4.0 is vulnerable to Cross Site Scripting XSS. Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing...

Cross site scripting

PublicCMS 4.0 is vulnerable to Cross Site Scripting XSS. Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing...

UBUNTU-CVE-2023-6210

When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox 120...