
CVSS: 7.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

03 Apr 2022 — Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3. • https://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

15 Sep 2021 — yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). • https://github.com/yourls/yourls/commit/1d8e224ebabb8a4c75b97f026950ed710faab0ff • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

15 Sep 2021 — yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). • https://github.com/yourls/yourls/commit/94f6bab91182142c96ff11f481585b445449efd4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

26 Aug 2021 — yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames. • https://github.com/yourls/yourls/commit/0a70acdcfb5fcbc63dbc5750018d608288eba3fe • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

23 Oct 2020 — Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues. • http://yourls.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 15% | CPEs: 1 | EXPL: 2

07 Aug 2019 — YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass. • https://github.com/Wocanilo/CVE-2019-14537 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: 6.1 | EPSS: 0% | CPEs: 4 | EXPL: 1

10 Dec 2014 — Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156526.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

24 Sep 2011 — Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor