
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.

References:
https://github.com/Wocanilo/CVE-2019-14537
https://github.com/YOURLS/YOURLS/commits/master
https://github.com/YOURLS/YOURLS/pull/2542
https://github.com/YOURLS/YOURLS/releases
https://security-garage.com/index.php/cves/cve-2019-14537-api-authentication-bypass-via-type-juggling

CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: 4.3 | EPSS: 0% | CPEs: 4 | EXPL: 1

Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality.

References:
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156526.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156564.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156596.html
http://seclists.org/fulldisclosure/2014/Oct/111

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files.

References:
http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README
http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/yourls-1.5
http://www.openwall.com/lists/oss-security/2011/06/27/6

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor