CVE-2021-25875
The CVE affects AVideo/YouPHPTube versions 10.0 and prior, where multiple reflected cross-site scripting (XSS) vulnerabilities exist in the searchPhrase parameter. The underlying issue enables a remote attacker to steal an administrator’s session cookies or perform actions as an administrator. Th...