VYPR

Passwordpusher

by Pglombardo

Source repositories

CVEs (4)

  • CVE-2024-51989HigNov 7, 2024
    risk 0.46cvss 7.1epss 0.00

    Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting (XSS) vulnerability was identified in the PasswordPusher application, affecting versions `v1.41.1` through and including `v.1.48.0`. The issue arises from an…

  • CVE-2024-56733MedDec 30, 2024
    risk 0.37cvss 5.7epss 0.00

    Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although…

  • CVE-2026-41308MedMay 8, 2026
    risk 0.35cvss 6.5epss 0.00

    Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain…

  • CVE-2024-52796MedNov 20, 2024
    risk 0.27cvss 5.3epss 0.01

    Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the…