Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files.
AI Score: 6.3 | EPSS: 0.003
Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality.
AI Score: 5.5 | EPSS: 0.002
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.
CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.005
Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.
CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001
CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001
yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 6.1 | AI Score: 6.2 | EPSS: 0.001
yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3.
CVSS: 7.4 | AI Score: 7.5 | EPSS: 0.001