PT-2020-16681 · Yourls · Yourls Admin Panel

John2020 +1 · Published 2020-10-23 · Updated 2022-05-24 · CVE-2020-27388

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

YOURLS Admin Panel versions 1.5 through 1.7.10

Description

Multiple stored cross-site scripting (XSS) issues exist because an authenticated user can modify a PHP plugin to include a malicious payload and upload it.

Recommendations

For YOURLS Admin Panel versions 1.5 through 1.7.10, consider disabling the plugin upload feature until a patch is available, to prevent exploitation of the stored XSS vulnerabilities. Restrict access to the admin panel to minimize the risk of authenticated users uploading malicious plugins.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-27388
GHSA-PWGG-R6FQ-MF94

Affected Products

Yourls Admin Panel