Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:yourls:yourls:1.5:*:*:*:*:*:*:*
Informations
Vendor
yourlsProduct
yourlsVersion
1.5Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3. | 7.4 |
Haute |
||
| yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.4 |
Moyen |
||
| yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 6.1 |
Moyen |
||
| yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames | 8.8 |
Haute |
||
| Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues. | 5.4 |
Moyen |
||
| YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass. | 9.8 |
Critique |
||
| Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files. | 5 |
