CVE-2021-25875

Name of the Vulnerable Software and Affected Versions AVideo/YouPHPTube versions 10.0 and prior

Description The issue allows a remote attacker to steal administrators' session cookies or perform actions as an administrator due to multiple reflected Cross Scripting vulnerabilities. This is achieved via the searchPhrase parameter.

Recommendations For versions 10.0 and prior, consider disabling the search functionality that utilizes the searchPhrase parameter until a patch is available. Restrict access to administrative areas to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.