Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jcHE4LXgzNWctbTQzOc0VzA
Cross-site Scripting in yourls
yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in arbitrary path handling.
Permalink: https://github.com/advisories/GHSA-cpq8-x35g-m439JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jcHE4LXgzNWctbTQzOc0VzA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 3 years ago
Updated: almost 2 years ago
CVSS Score: 6.6
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-cpq8-x35g-m439, CVE-2021-3783
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-3783
- https://github.com/yourls/yourls/commit/94f6bab91182142c96ff11f481585b445449efd4
- https://huntr.dev/bounties/b688e553-d0d9-4ddf-95a3-ff4b78004984
- https://github.com/advisories/GHSA-cpq8-x35g-m439
Blast Radius: 4.6
Affected Packages
packagist:yourls/yourls
Dependent packages: 0Dependent repositories: 5
Downloads: 26,130 total
Affected Version Ranges: <= 1.8.2
No known fixed version
All affected versions: 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.9, 1.8.1, 1.8.2