16 vulnerabilities by yourls
CVE-2022-0088 (GCVE-0-2022-0088)
Vulnerability from nvd – Published: 2022-04-03 08:50 – Updated: 2026-02-16 14:48
VLAI
Title
Cross-Site Request Forgery (CSRF) in yourls/yourls
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3.
Severity
3.5 (Low)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/d01f0726-1a0f-4575-ae1… | x_refsource_CONFIRM |
| https://github.com/yourls/yourls/commit/1de256d86… | x_refsource_MISC |
| https://github.com/MarkLee131/awesome-web-pocs/bl… | |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| yourls | yourls/yourls | Affected: unspecified, < 1.8.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-02-16T14:48:06.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-0088.md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/d01f0726-1a0f-4575-ae17-4b5319b11c29"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "yourls/yourls",
"vendor": "yourls",
"versions": [
{
"lessThan": "1.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-03T08:50:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/d01f0726-1a0f-4575-ae17-4b5319b11c29"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59"
}
],
"source": {
"advisory": "d01f0726-1a0f-4575-ae17-4b5319b11c29",
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) in yourls/yourls",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0088",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Request Forgery (CSRF) in yourls/yourls"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "yourls/yourls",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.8.3"
}
]
}
}
]
},
"vendor_name": "yourls"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d01f0726-1a0f-4575-ae17-4b5319b11c29",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d01f0726-1a0f-4575-ae17-4b5319b11c29"
},
{
"name": "https://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59",
"refsource": "MISC",
"url": "https://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59"
}
]
},
"source": {
"advisory": "d01f0726-1a0f-4575-ae17-4b5319b11c29",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0088",
"datePublished": "2022-04-03T08:50:10.000Z",
"dateReserved": "2022-01-04T00:00:00.000Z",
"dateUpdated": "2026-02-16T14:48:06.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-3785 (GCVE-0-2021-3785)
Vulnerability from nvd – Published: 2021-09-15 12:05 – Updated: 2024-08-03 17:09
VLAI
Title
Cross-site Scripting (XSS) - Stored in yourls/yourls
Summary
yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity
8.8 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/b4085d13-54fa-4419-a2c… | x_refsource_CONFIRM |
| https://github.com/yourls/yourls/commit/1d8e224eb… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| yourls | yourls/yourls | Affected: unspecified, < 1.8.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b4085d13-54fa-4419-a2ce-1d780cc31638"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yourls/yourls/commit/1d8e224ebabb8a4c75b97f026950ed710faab0ff"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "yourls/yourls",
"vendor": "yourls",
"versions": [
{
"lessThan": "1.8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "yourls is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-15T12:05:13.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b4085d13-54fa-4419-a2ce-1d780cc31638"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yourls/yourls/commit/1d8e224ebabb8a4c75b97f026950ed710faab0ff"
}
],
"source": {
"advisory": "b4085d13-54fa-4419-a2ce-1d780cc31638",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in yourls/yourls",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3785",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in yourls/yourls"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "yourls/yourls",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.8.2"
}
]
}
}
]
},
"vendor_name": "yourls"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "yourls is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b4085d13-54fa-4419-a2ce-1d780cc31638",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b4085d13-54fa-4419-a2ce-1d780cc31638"
},
{
"name": "https://github.com/yourls/yourls/commit/1d8e224ebabb8a4c75b97f026950ed710faab0ff",
"refsource": "MISC",
"url": "https://github.com/yourls/yourls/commit/1d8e224ebabb8a4c75b97f026950ed710faab0ff"
}
]
},
"source": {
"advisory": "b4085d13-54fa-4419-a2ce-1d780cc31638",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3785",
"datePublished": "2021-09-15T12:05:13.000Z",
"dateReserved": "2021-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3783 (GCVE-0-2021-3783)
Vulnerability from nvd – Published: 2021-09-15 12:00 – Updated: 2024-08-03 17:09
VLAI
Title
Cross-site Scripting (XSS) - Reflected in yourls/yourls
Summary
yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity
6.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/b688e553-d0d9-4ddf-95a… | x_refsource_CONFIRM |
| https://github.com/yourls/yourls/commit/94f6bab91… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| yourls | yourls/yourls | Affected: unspecified, ≤ 1.8.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:08.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b688e553-d0d9-4ddf-95a3-ff4b78004984"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yourls/yourls/commit/94f6bab91182142c96ff11f481585b445449efd4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "yourls/yourls",
"vendor": "yourls",
"versions": [
{
"lessThanOrEqual": "1.8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "yourls is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-15T12:00:18.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b688e553-d0d9-4ddf-95a3-ff4b78004984"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yourls/yourls/commit/94f6bab91182142c96ff11f481585b445449efd4"
}
],
"source": {
"advisory": "b688e553-d0d9-4ddf-95a3-ff4b78004984",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in yourls/yourls",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3783",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in yourls/yourls"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "yourls/yourls",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.8.2"
}
]
}
}
]
},
"vendor_name": "yourls"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "yourls is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b688e553-d0d9-4ddf-95a3-ff4b78004984",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b688e553-d0d9-4ddf-95a3-ff4b78004984"
},
{
"name": "https://github.com/yourls/yourls/commit/94f6bab91182142c96ff11f481585b445449efd4",
"refsource": "MISC",
"url": "https://github.com/yourls/yourls/commit/94f6bab91182142c96ff11f481585b445449efd4"
}
]
},
"source": {
"advisory": "b688e553-d0d9-4ddf-95a3-ff4b78004984",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3783",
"datePublished": "2021-09-15T12:00:18.000Z",
"dateReserved": "2021-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:08.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3734 (GCVE-0-2021-3734)
Vulnerability from nvd – Published: 2021-08-26 12:48 – Updated: 2024-08-03 17:01
VLAI
Title
Improper Restriction of Rendered UI Layers or Frames in yourls/yourls
Summary
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames
Severity
6.5 (Medium)
CWE
- CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/dd2e2dbe-efe5-49ec-be1… | x_refsource_CONFIRM |
| https://github.com/yourls/yourls/commit/0a70acdcf… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| yourls | yourls/yourls | Affected: unspecified, ≤ 1.8.1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:08.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/dd2e2dbe-efe5-49ec-be11-7a7e7c41debd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yourls/yourls/commit/0a70acdcfb5fcbc63dbc5750018d608288eba3fe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "yourls/yourls",
"vendor": "yourls",
"versions": [
{
"lessThanOrEqual": "1.8.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-26T12:48:50.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/dd2e2dbe-efe5-49ec-be11-7a7e7c41debd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yourls/yourls/commit/0a70acdcfb5fcbc63dbc5750018d608288eba3fe"
}
],
"source": {
"advisory": "dd2e2dbe-efe5-49ec-be11-7a7e7c41debd",
"discovery": "EXTERNAL"
},
"title": "Improper Restriction of Rendered UI Layers or Frames in yourls/yourls",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3734",
"STATE": "PUBLIC",
"TITLE": "Improper Restriction of Rendered UI Layers or Frames in yourls/yourls"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "yourls/yourls",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "yourls"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/dd2e2dbe-efe5-49ec-be11-7a7e7c41debd",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/dd2e2dbe-efe5-49ec-be11-7a7e7c41debd"
},
{
"name": "https://github.com/yourls/yourls/commit/0a70acdcfb5fcbc63dbc5750018d608288eba3fe",
"refsource": "MISC",
"url": "https://github.com/yourls/yourls/commit/0a70acdcfb5fcbc63dbc5750018d608288eba3fe"
}
]
},
"source": {
"advisory": "dd2e2dbe-efe5-49ec-be11-7a7e7c41debd",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3734",
"datePublished": "2021-08-26T12:48:50.000Z",
"dateReserved": "2021-08-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:08.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27388 (GCVE-0-2020-27388)
Vulnerability from nvd – Published: 2020-10-23 19:59 – Updated: 2026-07-04 23:54
VLAI
Summary
Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://johnjhacking.com/blog/cve-2020-27388/ | |
| https://github.com/YOURLS/YOURLS/pull/2761 | |
| http://yourls.com | x_refsource_MISC, x_transferred |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yourls.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://johnjhacking.com/blog/cve-2020-27388/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/YOURLS/YOURLS/pull/2761"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T23:54:08.874Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://johnjhacking.com/blog/cve-2020-27388/"
},
{
"url": "https://github.com/YOURLS/YOURLS/pull/2761"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://yourls.com",
"refsource": "MISC",
"url": "http://yourls.com"
},
{
"name": "https://johnjhacking.com/blog/cve-2020-27388/",
"refsource": "MISC",
"url": "https://johnjhacking.com/blog/cve-2020-27388/"
},
{
"name": "https://github.com/YOURLS/YOURLS/pull/2761",
"refsource": "MISC",
"url": "https://github.com/YOURLS/YOURLS/pull/2761"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27388",
"datePublished": "2020-10-23T19:59:37.000Z",
"dateReserved": "2020-10-21T00:00:00.000Z",
"dateUpdated": "2026-07-04T23:54:08.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-14537 (GCVE-0-2019-14537)
Vulnerability from nvd – Published: 2019-08-07 16:43 – Updated: 2024-08-05 00:19
VLAI
Summary
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/YOURLS/YOURLS/releases | x_refsource_MISC |
| https://github.com/YOURLS/YOURLS/commits/master | x_refsource_MISC |
| https://github.com/YOURLS/YOURLS/pull/2542 | x_refsource_MISC |
| https://github.com/Wocanilo/CVE-2019-14537 | x_refsource_MISC |
| https://security-garage.com/index.php/cves/cve-20… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:19:41.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/YOURLS/YOURLS/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/YOURLS/YOURLS/commits/master"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/YOURLS/YOURLS/pull/2542"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Wocanilo/CVE-2019-14537"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-09T12:26:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/YOURLS/YOURLS/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/YOURLS/YOURLS/commits/master"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/YOURLS/YOURLS/pull/2542"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Wocanilo/CVE-2019-14537"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/YOURLS/YOURLS/releases",
"refsource": "MISC",
"url": "https://github.com/YOURLS/YOURLS/releases"
},
{
"name": "https://github.com/YOURLS/YOURLS/commits/master",
"refsource": "MISC",
"url": "https://github.com/YOURLS/YOURLS/commits/master"
},
{
"name": "https://github.com/YOURLS/YOURLS/pull/2542",
"refsource": "MISC",
"url": "https://github.com/YOURLS/YOURLS/pull/2542"
},
{
"name": "https://github.com/Wocanilo/CVE-2019-14537",
"refsource": "MISC",
"url": "https://github.com/Wocanilo/CVE-2019-14537"
},
{
"name": "https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14537",
"datePublished": "2019-08-07T16:43:52.000Z",
"dateReserved": "2019-08-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:19:41.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8488 (GCVE-0-2014-8488)
Vulnerability from nvd – Published: 2014-12-10 01:00 – Updated: 2024-08-06 13:18
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory, x_refsource_FEDORA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory, x_refsource_FEDORA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory, x_refsource_FEDORA |
| http://seclists.org/fulldisclosure/2014/Oct/111 | mailing-list, x_refsource_FULLDISC |
Date Public
2014-10-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:48.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-5965",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156596.html"
},
{
"name": "FEDORA-2015-5972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156526.html"
},
{
"name": "FEDORA-2015-6002",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156564.html"
},
{
"name": "20141025 Yourls XSS Stored",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-04T18:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2015-5965",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156596.html"
},
{
"name": "FEDORA-2015-5972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156526.html"
},
{
"name": "FEDORA-2015-6002",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156564.html"
},
{
"name": "20141025 Yourls XSS Stored",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-5965",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156596.html"
},
{
"name": "FEDORA-2015-5972",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156526.html"
},
{
"name": "FEDORA-2015-6002",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156564.html"
},
{
"name": "20141025 Yourls XSS Stored",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8488",
"datePublished": "2014-12-10T01:00:00.000Z",
"dateReserved": "2014-10-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:18:48.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3824 (GCVE-0-2011-3824)
Vulnerability from nvd – Published: 2011-09-24 00:00 – Updated: 2024-09-16 23:20
Summary
Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-list, x_refsource_MLIST |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:03.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/yourls-1.5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-24T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/yourls-1.5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/yourls-1.5",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/yourls-1.5"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3824",
"datePublished": "2011-09-24T00:00:00.000Z",
"dateReserved": "2011-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:20:35.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0088 (GCVE-0-2022-0088)
Vulnerability from cvelistv5 – Published: 2022-04-03 08:50 – Updated: 2026-02-16 14:48
Title
Cross-Site Request Forgery (CSRF) in yourls/yourls
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3.
Severity
3.5 (Low)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/d01f0726-1a0f-4575-ae1… | x_refsource_CONFIRM |
| https://github.com/yourls/yourls/commit/1de256d86… | x_refsource_MISC |
| https://github.com/MarkLee131/awesome-web-pocs/bl… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yourls | yourls/yourls | Affected: unspecified, < 1.8.3 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-02-16T14:48:06.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-0088.md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/d01f0726-1a0f-4575-ae17-4b5319b11c29"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "yourls/yourls",
"vendor": "yourls",
"versions": [
{
"lessThan": "1.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-03T08:50:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/d01f0726-1a0f-4575-ae17-4b5319b11c29"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59"
}
],
"source": {
"advisory": "d01f0726-1a0f-4575-ae17-4b5319b11c29",
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) in yourls/yourls",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0088",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Request Forgery (CSRF) in yourls/yourls"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "yourls/yourls",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.8.3"
}
]
}
}
]
},
"vendor_name": "yourls"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d01f0726-1a0f-4575-ae17-4b5319b11c29",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d01f0726-1a0f-4575-ae17-4b5319b11c29"
},
{
"name": "https://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59",
"refsource": "MISC",
"url": "https://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59"
}
]
},
"source": {
"advisory": "d01f0726-1a0f-4575-ae17-4b5319b11c29",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0088",
"datePublished": "2022-04-03T08:50:10.000Z",
"dateReserved": "2022-01-04T00:00:00.000Z",
"dateUpdated": "2026-02-16T14:48:06.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-3785 (GCVE-0-2021-3785)
Vulnerability from cvelistv5 – Published: 2021-09-15 12:05 – Updated: 2024-08-03 17:09
Title
Cross-site Scripting (XSS) - Stored in yourls/yourls
Summary
yourls/yourls before 1.8.2 is vulnerable to stored cross-site scripting: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
Severity
8.8 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/b4085d13-54fa-4419-a2c… | x_refsource_CONFIRM |
| https://github.com/yourls/yourls/commit/1d8e224eb… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yourls | yourls/yourls | Affected: unspecified, < 1.8.2 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b4085d13-54fa-4419-a2ce-1d780cc31638"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yourls/yourls/commit/1d8e224ebabb8a4c75b97f026950ed710faab0ff"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "yourls/yourls",
"vendor": "yourls",
"versions": [
{
"lessThan": "1.8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "yourls is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-15T12:05:13.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b4085d13-54fa-4419-a2ce-1d780cc31638"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yourls/yourls/commit/1d8e224ebabb8a4c75b97f026950ed710faab0ff"
}
],
"source": {
"advisory": "b4085d13-54fa-4419-a2ce-1d780cc31638",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in yourls/yourls",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3785",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in yourls/yourls"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "yourls/yourls",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.8.2"
}
]
}
}
]
},
"vendor_name": "yourls"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "yourls is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b4085d13-54fa-4419-a2ce-1d780cc31638",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b4085d13-54fa-4419-a2ce-1d780cc31638"
},
{
"name": "https://github.com/yourls/yourls/commit/1d8e224ebabb8a4c75b97f026950ed710faab0ff",
"refsource": "MISC",
"url": "https://github.com/yourls/yourls/commit/1d8e224ebabb8a4c75b97f026950ed710faab0ff"
}
]
},
"source": {
"advisory": "b4085d13-54fa-4419-a2ce-1d780cc31638",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3785",
"datePublished": "2021-09-15T12:05:13.000Z",
"dateReserved": "2021-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3783 (GCVE-0-2021-3783)
Vulnerability from cvelistv5 – Published: 2021-09-15 12:00 – Updated: 2024-08-03 17:09
Title
Cross-site Scripting (XSS) - Reflected in yourls/yourls
Summary
yourls/yourls through 1.8.2 is vulnerable to reflected cross-site scripting: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
Severity
6.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/b688e553-d0d9-4ddf-95a… | x_refsource_CONFIRM |
| https://github.com/yourls/yourls/commit/94f6bab91… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yourls | yourls/yourls | Affected: unspecified, ≤ 1.8.2 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:08.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b688e553-d0d9-4ddf-95a3-ff4b78004984"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yourls/yourls/commit/94f6bab91182142c96ff11f481585b445449efd4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "yourls/yourls",
"vendor": "yourls",
"versions": [
{
"lessThanOrEqual": "1.8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "yourls is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-15T12:00:18.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b688e553-d0d9-4ddf-95a3-ff4b78004984"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yourls/yourls/commit/94f6bab91182142c96ff11f481585b445449efd4"
}
],
"source": {
"advisory": "b688e553-d0d9-4ddf-95a3-ff4b78004984",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in yourls/yourls",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3783",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in yourls/yourls"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "yourls/yourls",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.8.2"
}
]
}
}
]
},
"vendor_name": "yourls"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "yourls is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b688e553-d0d9-4ddf-95a3-ff4b78004984",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b688e553-d0d9-4ddf-95a3-ff4b78004984"
},
{
"name": "https://github.com/yourls/yourls/commit/94f6bab91182142c96ff11f481585b445449efd4",
"refsource": "MISC",
"url": "https://github.com/yourls/yourls/commit/94f6bab91182142c96ff11f481585b445449efd4"
}
]
},
"source": {
"advisory": "b688e553-d0d9-4ddf-95a3-ff4b78004984",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3783",
"datePublished": "2021-09-15T12:00:18.000Z",
"dateReserved": "2021-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:08.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3734 (GCVE-0-2021-3734)
Vulnerability from cvelistv5 – Published: 2021-08-26 12:48 – Updated: 2024-08-03 17:01
Title
Improper Restriction of Rendered UI Layers or Frames in yourls/yourls
Summary
yourls/yourls through 1.8.1 is vulnerable to Improper Restriction of Rendered UI Layers or Frames (CWE-1021, the weakness class behind clickjacking).
Severity
6.5 (Medium)
CWE
- CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/dd2e2dbe-efe5-49ec-be1… | x_refsource_CONFIRM |
| https://github.com/yourls/yourls/commit/0a70acdcf… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yourls | yourls/yourls | Affected: unspecified, ≤ 1.8.1 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:08.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/dd2e2dbe-efe5-49ec-be11-7a7e7c41debd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yourls/yourls/commit/0a70acdcfb5fcbc63dbc5750018d608288eba3fe"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "yourls/yourls",
"vendor": "yourls",
"versions": [
{
"lessThanOrEqual": "1.8.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-26T12:48:50.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/dd2e2dbe-efe5-49ec-be11-7a7e7c41debd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yourls/yourls/commit/0a70acdcfb5fcbc63dbc5750018d608288eba3fe"
}
],
"source": {
"advisory": "dd2e2dbe-efe5-49ec-be11-7a7e7c41debd",
"discovery": "EXTERNAL"
},
"title": "Improper Restriction of Rendered UI Layers or Frames in yourls/yourls",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3734",
"STATE": "PUBLIC",
"TITLE": "Improper Restriction of Rendered UI Layers or Frames in yourls/yourls"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "yourls/yourls",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.8.1"
}
]
}
}
]
},
"vendor_name": "yourls"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/dd2e2dbe-efe5-49ec-be11-7a7e7c41debd",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/dd2e2dbe-efe5-49ec-be11-7a7e7c41debd"
},
{
"name": "https://github.com/yourls/yourls/commit/0a70acdcfb5fcbc63dbc5750018d608288eba3fe",
"refsource": "MISC",
"url": "https://github.com/yourls/yourls/commit/0a70acdcfb5fcbc63dbc5750018d608288eba3fe"
}
]
},
"source": {
"advisory": "dd2e2dbe-efe5-49ec-be11-7a7e7c41debd",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3734",
"datePublished": "2021-08-26T12:48:50.000Z",
"dateReserved": "2021-08-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:08.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27388 (GCVE-0-2020-27388)
Vulnerability from cvelistv5 – Published: 2020-10-23 19:59 – Updated: 2026-07-04 23:54
Summary
Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://johnjhacking.com/blog/cve-2020-27388/ | |
| https://github.com/YOURLS/YOURLS/pull/2761 | |
| http://yourls.com | x_refsource_MISC, x_transferred |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yourls.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://johnjhacking.com/blog/cve-2020-27388/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/YOURLS/YOURLS/pull/2761"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T23:54:08.874Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://johnjhacking.com/blog/cve-2020-27388/"
},
{
"url": "https://github.com/YOURLS/YOURLS/pull/2761"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://yourls.com",
"refsource": "MISC",
"url": "http://yourls.com"
},
{
"name": "https://johnjhacking.com/blog/cve-2020-27388/",
"refsource": "MISC",
"url": "https://johnjhacking.com/blog/cve-2020-27388/"
},
{
"name": "https://github.com/YOURLS/YOURLS/pull/2761",
"refsource": "MISC",
"url": "https://github.com/YOURLS/YOURLS/pull/2761"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27388",
"datePublished": "2020-10-23T19:59:37.000Z",
"dateReserved": "2020-10-21T00:00:00.000Z",
"dateUpdated": "2026-07-04T23:54:08.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-14537 (GCVE-0-2019-14537)
Vulnerability from cvelistv5 – Published: 2019-08-07 16:43 – Updated: 2024-08-05 00:19
Summary
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/YOURLS/YOURLS/releases | x_refsource_MISC |
| https://github.com/YOURLS/YOURLS/commits/master | x_refsource_MISC |
| https://github.com/YOURLS/YOURLS/pull/2542 | x_refsource_MISC |
| https://github.com/Wocanilo/CVE-2019-14537 | x_refsource_MISC |
| https://security-garage.com/index.php/cves/cve-20… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:19:41.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/YOURLS/YOURLS/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/YOURLS/YOURLS/commits/master"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/YOURLS/YOURLS/pull/2542"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Wocanilo/CVE-2019-14537"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-09T12:26:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/YOURLS/YOURLS/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/YOURLS/YOURLS/commits/master"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/YOURLS/YOURLS/pull/2542"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Wocanilo/CVE-2019-14537"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/YOURLS/YOURLS/releases",
"refsource": "MISC",
"url": "https://github.com/YOURLS/YOURLS/releases"
},
{
"name": "https://github.com/YOURLS/YOURLS/commits/master",
"refsource": "MISC",
"url": "https://github.com/YOURLS/YOURLS/commits/master"
},
{
"name": "https://github.com/YOURLS/YOURLS/pull/2542",
"refsource": "MISC",
"url": "https://github.com/YOURLS/YOURLS/pull/2542"
},
{
"name": "https://github.com/Wocanilo/CVE-2019-14537",
"refsource": "MISC",
"url": "https://github.com/Wocanilo/CVE-2019-14537"
},
{
"name": "https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling",
"refsource": "MISC",
"url": "https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14537",
"datePublished": "2019-08-07T16:43:52.000Z",
"dateReserved": "2019-08-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:19:41.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8488 (GCVE-0-2014-8488)
Vulnerability from cvelistv5 – Published: 2014-12-10 01:00 – Updated: 2024-08-06 13:18
Summary
Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory, x_refsource_FEDORA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory, x_refsource_FEDORA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory, x_refsource_FEDORA |
| http://seclists.org/fulldisclosure/2014/Oct/111 | mailing-list, x_refsource_FULLDISC |
Date Public
2014-10-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:48.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-5965",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156596.html"
},
{
"name": "FEDORA-2015-5972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156526.html"
},
{
"name": "FEDORA-2015-6002",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156564.html"
},
{
"name": "20141025 Yourls XSS Stored",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/111"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-04T18:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2015-5965",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156596.html"
},
{
"name": "FEDORA-2015-5972",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156526.html"
},
{
"name": "FEDORA-2015-6002",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156564.html"
},
{
"name": "20141025 Yourls XSS Stored",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/111"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-5965",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156596.html"
},
{
"name": "FEDORA-2015-5972",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156526.html"
},
{
"name": "FEDORA-2015-6002",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156564.html"
},
{
"name": "20141025 Yourls XSS Stored",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/111"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8488",
"datePublished": "2014-12-10T01:00:00.000Z",
"dateReserved": "2014-10-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:18:48.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3824 (GCVE-0-2011-3824)
Vulnerability from cvelistv5 – Published: 2011-09-24 00:00 – Updated: 2024-09-16 23:20
Summary
Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-list, x_refsource_MLIST |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
| http://code.google.com/p/inspathx/source/browse/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:03.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/yourls-1.5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-24T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/yourls-1.5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/yourls-1.5",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/yourls-1.5"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3824",
"datePublished": "2011-09-24T00:00:00.000Z",
"dateReserved": "2011-09-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:20:35.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}