Skip to main content

Yourls

7 CVEs product

Monthly

CVE-2022-0088 PHP HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Yourls
NVD GitHub Exploit-DB
CVSS 3.1
7.4
EPSS
2.0%
CVE-2021-3785 PHP MEDIUM POC PATCH This Month

yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yourls
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-3783 PHP MEDIUM PATCH This Month

yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Yourls
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-3734 PHP HIGH POC PATCH This Week

yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Yourls
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-27388 PHP MEDIUM PATCH This Month

Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Yourls
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-14537 PHP CRITICAL POC PATCH Act Now

YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Memory Corruption Yourls
NVD GitHub
CVSS 3.0
9.8
EPSS
6.1%
CVE-2014-8488 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Yourls Fedora
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 2% CVSS 7.4
HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Yourls
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yourls
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Yourls
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Yourls
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Yourls
NVD GitHub VulDB
EPSS 6% CVSS 9.8
CRITICAL POC PATCH Act Now

YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Memory Corruption Yourls
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Yourls Fedora
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy