Cross-site Scripting (XSS) - Stored in yourls/yourls

Valid

Reported on

Aug 24th 2021


✍️ Description

Stored XSS

🕵️‍♂️ Proof of Concept

Please check this 1-minute video to reproduce the bug: https://drive.google.com/file/d/1MHQSKVczRNwDC8S6xKuedjMNcQw8YOz5/view?usp=sharing

💥 Impact

Stored XSS allows execution of arbitrary JavaScript code.

We have contacted a member of the yourls team and are waiting to hear back (a year ago)
ranjit-git
a year ago

Researcher


Hello, any update?

ranjit-git
a year ago

Researcher


Please validate this report.
If you need more info, then let me know.

྅༻ Ǭɀħ ༄༆ཉ confirmed that a fix has been merged on 1d8e22 a year ago
྅༻ Ǭɀħ ༄༆ཉ has been awarded the fix bounty
྅༻ Ǭɀħ ༄༆ཉ
a year ago

Thank you for reporting. Fixed.

Jamie Slome
a year ago

Admin


CVE published! 🎊

CVE-2021-3785
