100 matches found
CVE-2021-3734
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames...
Input validation
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames...
CVE-2021-3734 Improper Restriction of Rendered UI Layers or Frames in yourls/yourls
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames...
CVE-2021-3734
CVE-2021-3734 concerns YOURLS and is described in multiple sources as a vulnerability due to improper restriction of rendered UI layers or frames (clickjacking). The core issue is lack of frame restrictions, allowing an attacker to embed the application in an iframe and potentially trick users in...
yourls 安全漏洞
YOURLS is an open source PHP-based short linking platform. A security vulnerability exists in yourls, which stems from the fact that yourls is susceptible to improper restrictions on rendering UI layers or frames. An attacker could exploit this vulnerability to cause an operation to be performed...
Cross-site Scripting (XSS) - Stored in yourls/yourls
✍️ Description stored xss 🕵️♂️ Proof of Concept plz check this 1 minute video to reproduce the bug https://drive.google.com/file/d/1MHQSKVczRNwDC8S6xKuedjMNcQw8YOz5/view?usp=sharing 💥 Impact Stored xss allow to executed arbitary javascript code...
Cross-Site Scripting (XSS)
yourls/yourls is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the plugin file header...
YOURLS Admin Panel Cross-Site Scripting Vulnerability
YOURLS is a set of PHP-based open source short link platform. A cross-site scripting vulnerability exists in YOURLS Admin Panel versions 1.5 through 1.7.10, which stems from an authenticated user having to modify a PHP plugin with a malicious load and upload it, resulting in multiple stored XSS...
CVE-2020-27388
Multiple Stored Cross Site Scripting XSS vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues...
CVE-2020-27388
Multiple Stored Cross Site Scripting XSS vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues...
Cross site scripting
Multiple Stored Cross Site Scripting XSS vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues...
CVE-2020-27388
YOURLS Admin Panel (versions 1.5–1.7.10) is affected by multiple stored XSS vulnerabilities. The root cause is an authenticated user who modifies a PHP plugin with a malicious payload and uploads it, enabling stored XSS on affected pages. Public details consistently describe the issue as arising ...
CVE-2020-27388
Multiple Stored Cross Site Scripting XSS vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues...
GHSA-VF23-F26F-MJJ9 Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls
Impact YOURLS through 1.7.3 is affected by a type juggling vulnerability in the API component that can result in login bypass. Patches https://github.com/YOURLS/YOURLS/releases/tag/1.7.4 https://github.com/YOURLS/YOURLS/pull/2542 References https://vulners.com/cve/CVE-2019-14537...
Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls
Impact YOURLS through 1.7.3 is affected by a type juggling vulnerability in the API component that can result in login bypass. Patches https://github.com/YOURLS/YOURLS/releases/tag/1.7.4 https://github.com/YOURLS/YOURLS/pull/2542 References https://vulners.com/cve/CVE-2019-14537...
Authentication Bypass
yourls is vulnerable to authentication bypass. The authentication functions consist of a type-juggling vulnerability that allows an attacker to use non-strict comparisons to bypass authentication and perform unauthorized actions in the admin page and API...
YOURLS Authorization Issues Vulnerability
YOURLS is a set of PHP-based open source short link platform. An authorization issue vulnerability exists in YOURLS 1.7.3 and earlier versions, which can be exploited by attackers to achieve login bypass...
CVE-2019-14537
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass...
CVE-2019-14537
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass...
Design/Logic Flaw
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass...