Cross-site Scripting (XSS) - Stored in yourls/yourls

Valid

Reported on

Aug 24th 2021


✍️ Description

Stored XSS

🕵️‍♂️ Proof of Concept

Please check this 1-minute video to reproduce the bug: https://drive.google.com/file/d/1MHQSKVczRNwDC8S6xKuedjMNcQw8YOz5/view?usp=sharing

💥 Impact

Stored XSS allows execution of arbitrary JavaScript code.

We have contacted a member of the yourls team and are waiting to hear back 2 years ago
ranjit-git
2 years ago

Researcher


Hello, any update?

ranjit-git
2 years ago

Researcher


Please validate this report.
If you need more info, then let me know.

྅༻ Ǭɀħ ༄༆ཉ marked this as fixed with commit 1d8e22 2 years ago
྅༻ Ǭɀħ ༄༆ཉ has been awarded the fix bounty
This vulnerability will not receive a CVE
྅༻ Ǭɀħ ༄༆ཉ
2 years ago

Maintainer


Thank you for reporting. Fixed.

Jamie Slome
2 years ago

Admin


CVE published! 🎊

CVE-2021-3785
