Lucene search
K

100 matches found

Github Security Blog
Github Security Blog
added 2024/07/10 2:25 p.m.24 views

PrivateBin allows shortening of URLs for other domains

In v1.5 we introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication token to the public, allowing anyone to shorten any URL. With the proxy mechanism, anyone can...

5.3CVSS5.7AI score0.00627EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2024/07/09 7:15 p.m.56 views

CVE-2024-39899

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication toke...

5.3CVSS0.00627EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/07/09 6:57 p.m.16 views

CVE-2024-39899 PrivateBin allows shortening of URLs for other domains

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication toke...

5.3CVSS7AI score0.00627EPSS
Exploits0References3
OSV
OSV
added 2024/07/09 6:57 p.m.24 views

CVE-2024-39899 PrivateBin allows shortening of URLs for other domains

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication toke...

5.3CVSS6.8AI score0.00627EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/07/09 6:57 p.m.56 views

CVE-2024-39899 PrivateBin allows shortening of URLs for other domains

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication toke...

5.3CVSS0.00627EPSS
Exploits0References3
CVE
CVE
added 2024/07/09 6:57 p.m.74 views

CVE-2024-39899

PrivateBin’s YOURLS proxy (introduced in v1.5) allowed shortening any URL that contains the PrivateBin instance, enabling an authentication bypass where a non-public YOURLs proxy could be abused to shorten arbitrary domains. The root cause was a faulty guard that only checked containment, not pro...

5.3CVSS5.2AI score0.00627EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 5:32 p.m.23 views

YOURLS Stored Cross Site Scripting (XSS)

Multiple Stored Cross Site Scripting XSS vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues...

5.4CVSS5.3AI score0.00589EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/05/24 5:32 p.m.24 views

GHSA-PWGG-R6FQ-MF94 YOURLS Stored Cross Site Scripting (XSS)

Multiple Stored Cross Site Scripting XSS vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues...

5.4CVSS5.3AI score0.00589EPSS
Exploits0References7
CNVD
CNVD
added 2022/05/23 12:0 a.m.17 views

YOURLS Cross-Site Scripting Vulnerability

YOURLS is a PHP-based short linking platform. YOURLS versions prior to 1.8.2 are vulnerable to a cross-site scripting vulnerability that originates when the program does not properly validate user input during page generation. An attacker could use this vulnerability to launch a cross-site...

3.5CVSS2.2AI score0.00721EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2022/05/20 11:8 p.m.45 views

CVE-2022-0088

Cross-Site Request Forgery CSRF in GitHub repository yourls/yourls prior to 1.8.3...

7.4CVSS2.8AI score0.01994EPSS
Exploits5References1
Veracode
Veracode
added 2022/04/04 10:50 a.m.21 views

Cross-Site Request Forgery (CSRF)

yourls/yourls is vulnerable to cross-site request forgery. The vulnerability exists because the user logout is not properly validated which allows a malicious attacker to get access to the file system and perform unauthorized actions...

7.4CVSS4.3AI score0.01994EPSS
Exploits5References4Affected Software1
OSV
OSV
added 2022/04/04 12:0 a.m.21 views

GHSA-GX7G-WJXG-JWWJ Cross-Site Request Forgery in YOURLS

YOURLS versions 1.8.2 and prior are vulnerable to Cross-Site Request Forgery...

3.5CVSS7.3AI score0.01994EPSS
Exploits5References7
Github Security Blog
Github Security Blog
added 2022/04/04 12:0 a.m.38 views

Cross-Site Request Forgery in YOURLS

YOURLS versions 1.8.2 and prior are vulnerable to Cross-Site Request Forgery...

7.4CVSS3.8AI score0.01994EPSS
Exploits5References7Affected Software1
NVD
NVD
added 2022/04/03 9:15 a.m.10 views

CVE-2022-0088

Cross-Site Request Forgery CSRF in GitHub repository yourls/yourls prior to 1.8.3...

7.4CVSS0.01994EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2022/04/03 9:15 a.m.3 views

CVE-2022-0088

Cross-Site Request Forgery CSRF in GitHub repository yourls/yourls prior to 1.8.3...

7.4CVSS5.5AI score0.01994EPSS
Exploits5References3
Cvelist
Cvelist
added 2022/04/03 8:50 a.m.18 views

CVE-2022-0088 Cross-Site Request Forgery (CSRF) in yourls/yourls

Cross-Site Request Forgery CSRF in GitHub repository yourls/yourls prior to 1.8.3...

3.5CVSS7.8AI score0.01994EPSS
Exploits5References2
OSV
OSV
added 2022/04/03 8:50 a.m.31 views

CVE-2022-0088 Cross-Site Request Forgery (CSRF) in yourls/yourls

Cross-Site Request Forgery CSRF in GitHub repository yourls/yourls prior to 1.8.3...

3.5CVSS4.7AI score0.01994EPSS
Exploits5References5
CVE
CVE
added 2022/04/03 8:50 a.m.111 views

CVE-2022-0088

YOURLS 1.8.2 (and earlier) is affected by a Cross-Site Request Forgery (CSRF) vulnerability in the yourls/yourls project, with PoCs and public writeups showing CSRF could be triggered via crafted requests (e.g., admin/logout actions). References in the connected documents include packetstorm CSRF...

7.4CVSS5.6AI score0.01994EPSS
Exploits5References3Affected Software1
CNNVD
CNNVD
added 2022/04/03 12:0 a.m.4 views

YOURLS 跨站请求伪造漏洞

YOURLS is a set of PHP-based open source short link platform. A cross-site request forgery vulnerability exists in YOURLS versions prior to 1.8.3. No information about this vulnerability is available at this time, please stay tuned to CNNVD or vendor announcements...

7.4CVSS5.5AI score0.01994EPSS
Exploits5References4
Huntr
Huntr
added 2021/12/24 8:30 a.m.24 views

Cross-Site Request Forgery (CSRF) in yourls/yourls

Description 1. Hi there YOURLS team, I would like to report a Cross Site Request forgery vulenrability on YOURLS. Cross-site request forgery also known as CSRF is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows ...

4.3CVSS1.1AI score0.01994EPSS
Exploits5References1
Rows per page
Query Builder