Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tOWZxLWM5aHAtNTlnN80Vyw
Cross-site Scripting in yourls
yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in edit dialog.
Permalink: https://github.com/advisories/GHSA-m9fq-c9hp-59g7JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tOWZxLWM5aHAtNTlnN80Vyw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-m9fq-c9hp-59g7, CVE-2021-3785
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-3785
- https://github.com/yourls/yourls/commit/1d8e224ebabb8a4c75b97f026950ed710faab0ff
- https://huntr.dev/bounties/b4085d13-54fa-4419-a2ce-1d780cc31638
- https://github.com/advisories/GHSA-m9fq-c9hp-59g7
Blast Radius: 3.8
Affected Packages
packagist:yourls/yourls
Dependent packages: 0Dependent repositories: 5
Downloads: 24,889 total
Affected Version Ranges: < 1.8.2
Fixed in: 1.8.2
All affected versions: 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.9, 1.8.1
All unaffected versions: 1.8.2, 1.9.1, 1.9.2