Lucene search
K

100 matches found

OSV
OSV
added 2021/08/26 1:15 p.m.13 views

CVE-2021-3734

yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames...

8.8CVSS8.7AI score
Exploits0References2
Prion
Prion
added 2021/08/26 1:15 p.m.12 views

Input validation

yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames...

6.8CVSS8.7AI score0.00405EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/08/26 12:48 p.m.18 views

CVE-2021-3734 Improper Restriction of Rendered UI Layers or Frames in yourls/yourls

yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames...

6.5CVSS8.9AI score0.00405EPSS
Exploits1References2
CVE
CVE
added 2021/08/26 12:48 p.m.68 views

CVE-2021-3734

CVE-2021-3734 concerns YOURLS and is described in multiple sources as a vulnerability due to improper restriction of rendered UI layers or frames (clickjacking). The core issue is lack of frame restrictions, allowing an attacker to embed the application in an iframe and potentially trick users in...

8.8CVSS7.4AI score0.00405EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/08/26 12:0 a.m.4 views

yourls 安全漏洞

YOURLS is an open source PHP-based short linking platform. A security vulnerability exists in yourls, which stems from the fact that yourls is susceptible to improper restrictions on rendering UI layers or frames. An attacker could exploit this vulnerability to cause an operation to be performed...

8.8CVSS6.9AI score0.00405EPSS
Exploits1References3
Huntr
Huntr
added 2021/08/24 5:8 p.m.17 views

Cross-site Scripting (XSS) - Stored in yourls/yourls

✍️ Description stored xss 🕵️‍♂️ Proof of Concept plz check this 1 minute video to reproduce the bug https://drive.google.com/file/d/1MHQSKVczRNwDC8S6xKuedjMNcQw8YOz5/view?usp=sharing 💥 Impact Stored xss allow to executed arbitary javascript code...

3.5CVSS0.8AI score0.00721EPSS
Exploits1
Veracode
Veracode
added 2020/10/27 4:39 a.m.20 views

Cross-Site Scripting (XSS)

yourls/yourls is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the plugin file header...

5.4CVSS3AI score0.00589EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2020/10/26 12:0 a.m.3 views

YOURLS Admin Panel Cross-Site Scripting Vulnerability

YOURLS is a set of PHP-based open source short link platform. A cross-site scripting vulnerability exists in YOURLS Admin Panel versions 1.5 through 1.7.10, which stems from an authenticated user having to modify a PHP plugin with a malicious load and upload it, resulting in multiple stored XSS...

5.4CVSS5.8AI score0.00589EPSS
Exploits0References1
OSV
OSV
added 2020/10/23 8:15 p.m.33 views

CVE-2020-27388

Multiple Stored Cross Site Scripting XSS vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues...

5.4CVSS5.2AI score0.00589EPSS
Exploits0References3
NVD
NVD
added 2020/10/23 8:15 p.m.37 views

CVE-2020-27388

Multiple Stored Cross Site Scripting XSS vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues...

5.4CVSS0.00589EPSS
Exploits0References2
Prion
Prion
added 2020/10/23 8:15 p.m.18 views

Cross site scripting

Multiple Stored Cross Site Scripting XSS vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues...

3.5CVSS5.2AI score0.00589EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2020/10/23 7:59 p.m.52 views

CVE-2020-27388

YOURLS Admin Panel (versions 1.5–1.7.10) is affected by multiple stored XSS vulnerabilities. The root cause is an authenticated user who modifies a PHP plugin with a malicious payload and uploads it, enabling stored XSS on affected pages. Public details consistently describe the issue as arising ...

5.4CVSS5.2AI score0.00589EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/10/23 7:59 p.m.41 views

CVE-2020-27388

Multiple Stored Cross Site Scripting XSS vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues...

5.4AI score0.00589EPSS
Exploits0References2
OSV
OSV
added 2019/09/23 6:32 p.m.13 views

GHSA-VF23-F26F-MJJ9 Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls

Impact YOURLS through 1.7.3 is affected by a type juggling vulnerability in the API component that can result in login bypass. Patches https://github.com/YOURLS/YOURLS/releases/tag/1.7.4 https://github.com/YOURLS/YOURLS/pull/2542 References https://vulners.com/cve/CVE-2019-14537...

9.8CVSS7.8AI score0.06145EPSS
Exploits2References9
Github Security Blog
Github Security Blog
added 2019/09/23 6:32 p.m.29 views

Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls

Impact YOURLS through 1.7.3 is affected by a type juggling vulnerability in the API component that can result in login bypass. Patches https://github.com/YOURLS/YOURLS/releases/tag/1.7.4 https://github.com/YOURLS/YOURLS/pull/2542 References https://vulners.com/cve/CVE-2019-14537...

9.8CVSS7.8AI score0.06145EPSS
Exploits2References8Affected Software1
Veracode
Veracode
added 2019/08/08 6:24 a.m.21 views

Authentication Bypass

yourls is vulnerable to authentication bypass. The authentication functions consist of a type-juggling vulnerability that allows an attacker to use non-strict comparisons to bypass authentication and perform unauthorized actions in the admin page and API...

9.8CVSS4.3AI score0.06145EPSS
Exploits2References5Affected Software1
CNVD
CNVD
added 2019/08/08 12:0 a.m.3 views

YOURLS Authorization Issues Vulnerability

YOURLS is a set of PHP-based open source short link platform. An authorization issue vulnerability exists in YOURLS 1.7.3 and earlier versions, which can be exploited by attackers to achieve login bypass...

9.8CVSS6.8AI score0.06145EPSS
Exploits2References1
NVD
NVD
added 2019/08/07 5:15 p.m.14 views

CVE-2019-14537

YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass...

9.8CVSS9.4AI score0.06145EPSS
Exploits2References5
OSV
OSV
added 2019/08/07 5:15 p.m.17 views

CVE-2019-14537

YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass...

9.8CVSS6.7AI score0.06145EPSS
Exploits2References5
Prion
Prion
added 2019/08/07 5:15 p.m.16 views

Design/Logic Flaw

YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass...

7.5CVSS9.4AI score0.06145EPSS
Exploits2References5Affected Software1
Rows per page
Query Builder