yourls 漏洞與 CVE 列表（8）

產品（CPE）: — CVE 數: 8

yourls 漏洞概覽

彙總 yourls 相關全部產品的 CVE 與安全漏洞情報，包括 CVSS、EPSS、公開時間與漏洞情報資料。

已披露問題常與跨站腳本、CSRF與路徑處理缺陷相關，可能在生產負載與軟體部署場景中帶來工作階段劫持與檔案覆寫等暴露風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告，可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢（近 24 個月）

CVE	摘要	來源	最高 CVSS	EPSS %	公開時間	更新時間
CVE-2022-0088	Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3.	[email protected]	7.4	1.99%	2022-04-03	2026-06-17
CVE-2021-3785	yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	[email protected]	5.4	0.70%	2021-09-15	2026-06-17
CVE-2021-3783	yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	[email protected]	6.1	0.67%	2021-09-15	2026-06-17
CVE-2021-3734	yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames	[email protected]	8.8	0.39%	2021-08-26	2026-06-17
CVE-2020-27388	Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.	[email protected]	5.4	0.75%	2020-10-23	2026-06-17
CVE-2019-14537	YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.	[email protected]	9.8	6.14%	2019-08-07	2026-06-17
CVE-2014-8488	Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality.	[email protected]	4.3	1.86%	2014-12-10	2026-06-17
CVE-2011-3824	Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files.	[email protected]	5.0	1.23%	2011-09-24	2026-06-16

cvelogic Threat Intelligence