Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Hello Bar Popup Builder: Malicious Code Injected into Web Pages
CVE-2026-39666
Summary
A security issue in Hello Bar Popup Builder allows attackers to inject malicious code into web pages, potentially stealing user data or taking control of a website. This affects versions up to 1.5.1. Update to the latest version to fix the issue.
Original title
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS.This issue affects Hello Bar Po...
Original description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS.This issue affects Hello Bar Popup Builder: from n/a through <= 1.5.1.
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026