John2020

**Name of the Vulnerable Software and Affected Versions** YOURLS Admin Panel versions 1.5 through 1.7.10 **Description** Multiple Stored Cross Site Scripting (XSS) issues exist due to the ability of an authenticated user to modify a PHP plugin with a malicious payload and upload it. This results in multiple stored XSS issues. **Recommendations** For YOURLS Admin Panel versions 1.5 through 1.7.10, consider disabling the plugin upload feature until a patch is available to prevent exploitation of the stored XSS vulnerabilities. Restrict access to the admin panel to minimize the risk of authenticated users uploading malicious plugins.