Pingvin Share
Monthly
Reflected cross-site scripting in pingvin-share's sign-in auto-redirect feature allows remote unauthenticated attackers to inject and execute arbitrary JavaScript in a victim's browser by manipulating the `redirect` query parameter. All releases from 1.0 through 1.13.0 (the full release history) are affected. A publicly available proof-of-concept exploit exists on GitHub, and the vendor has not responded to responsible disclosure — meaning no patch has been issued and no vendor advisory exists.
Reflected cross-site scripting in pingvin-share's sign-in auto-redirect feature allows remote unauthenticated attackers to inject and execute arbitrary JavaScript in a victim's browser by manipulating the `redirect` query parameter. All releases from 1.0 through 1.13.0 (the full release history) are affected. A publicly available proof-of-concept exploit exists on GitHub, and the vendor has not responded to responsible disclosure — meaning no patch has been issued and no vendor advisory exists.