100 matches found
PrivateBin allows shortening of URLs for other domains
In v1.5 we introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication token to the public, allowing anyone to shorten any URL. With the proxy mechanism, anyone can...
CVE-2024-39899
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication toke...
CVE-2024-39899 PrivateBin allows shortening of URLs for other domains
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication toke...
CVE-2024-39899 PrivateBin allows shortening of URLs for other domains
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication toke...
CVE-2024-39899 PrivateBin allows shortening of URLs for other domains
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication toke...
CVE-2024-39899
PrivateBin’s YOURLS proxy (introduced in v1.5) allowed shortening any URL that contains the PrivateBin instance, enabling an authentication bypass where a non-public YOURLs proxy could be abused to shorten arbitrary domains. The root cause was a faulty guard that only checked containment, not pro...
YOURLS Stored Cross Site Scripting (XSS)
Multiple Stored Cross Site Scripting XSS vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues...
GHSA-PWGG-R6FQ-MF94 YOURLS Stored Cross Site Scripting (XSS)
Multiple Stored Cross Site Scripting XSS vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues...
YOURLS Cross-Site Scripting Vulnerability
YOURLS is a PHP-based short linking platform. YOURLS versions prior to 1.8.2 are vulnerable to a cross-site scripting vulnerability that originates when the program does not properly validate user input during page generation. An attacker could use this vulnerability to launch a cross-site...
CVE-2022-0088
Cross-Site Request Forgery CSRF in GitHub repository yourls/yourls prior to 1.8.3...
Cross-Site Request Forgery (CSRF)
yourls/yourls is vulnerable to cross-site request forgery. The vulnerability exists because the user logout is not properly validated which allows a malicious attacker to get access to the file system and perform unauthorized actions...
GHSA-GX7G-WJXG-JWWJ Cross-Site Request Forgery in YOURLS
YOURLS versions 1.8.2 and prior are vulnerable to Cross-Site Request Forgery...
Cross-Site Request Forgery in YOURLS
YOURLS versions 1.8.2 and prior are vulnerable to Cross-Site Request Forgery...
CVE-2022-0088
Cross-Site Request Forgery CSRF in GitHub repository yourls/yourls prior to 1.8.3...
CVE-2022-0088
Cross-Site Request Forgery CSRF in GitHub repository yourls/yourls prior to 1.8.3...
CVE-2022-0088 Cross-Site Request Forgery (CSRF) in yourls/yourls
Cross-Site Request Forgery CSRF in GitHub repository yourls/yourls prior to 1.8.3...
CVE-2022-0088 Cross-Site Request Forgery (CSRF) in yourls/yourls
Cross-Site Request Forgery CSRF in GitHub repository yourls/yourls prior to 1.8.3...
CVE-2022-0088
YOURLS 1.8.2 (and earlier) is affected by a Cross-Site Request Forgery (CSRF) vulnerability in the yourls/yourls project, with PoCs and public writeups showing CSRF could be triggered via crafted requests (e.g., admin/logout actions). References in the connected documents include packetstorm CSRF...
YOURLS 跨站请求伪造漏洞
YOURLS is a set of PHP-based open source short link platform. A cross-site request forgery vulnerability exists in YOURLS versions prior to 1.8.3. No information about this vulnerability is available at this time, please stay tuned to CNNVD or vendor announcements...
Cross-Site Request Forgery (CSRF) in yourls/yourls
Description 1. Hi there YOURLS team, I would like to report a Cross Site Request forgery vulenrability on YOURLS. Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows ...