CVE-2014-8488

Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality.

Published: Dec 10, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-8488
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
yourls / yourls	1.7	1.7.x
fedoraproject / fedora	22	22.x
fedoraproject / fedora	20	20.x
fedoraproject / fedora	21	21.x

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156526.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156564.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156596.html
http://seclists.org/fulldisclosure/2014/Oct/111

Vulnerability Database

CVE-2014-8488