Skip to main content

Youphptube CVE-2021-25876

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2021-11-01 cve@mitre.org
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 01, 2021 - 12:15 nvd
MEDIUM 6.1

DescriptionNVD

AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator.

AnalysisAI

AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator. Affected products include: Youphptube.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2019-5114 CRITICAL POC
9.9 Oct 25

An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Rated critical severit

CVE-2019-5151 CRITICAL POC
9.8 Oct 31

An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. Rated critical severity (CVSS 9.8), this vulnerabili

CVE-2019-16124 CRITICAL POC
9.8 Sep 09

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to

CVE-2019-5123 HIGH POC
8.8 Oct 25

Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. Rated high severity (CVSS 8.8), this vulnerab

CVE-2019-5122 HIGH POC
8.8 Oct 25

SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Rated high severity (CVSS 8.8), this v

CVE-2019-5121 HIGH POC
8.8 Oct 25

SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Rated high severity (CVSS 8.8), this v

CVE-2019-5120 HIGH POC
8.8 Oct 25

An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Rated high severity (CVSS

CVE-2019-5117 HIGH POC
8.8 Oct 25

Exploitable SQL injection vulnerabilities exists in the authenticated portion of YouPHPTube 7.6. Rated high severity (CV

CVE-2019-5116 HIGH POC
8.8 Oct 25

An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Rated high severity (CVSS

CVE-2019-5150 HIGH POC
8.1 Oct 31

An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. Rated high severity (CVSS 8.1), this vulnerability i

CVE-2021-25874 HIGH POC
7.5 Nov 01

AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter

CVE-2021-25877 HIGH POC
7.2 Nov 01

AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. Rated high severity (CVSS 7.2), this vulnerability

Share

CVE-2021-25876 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy