CVE-2021-47750
5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Summary
YouPHPTube <= 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they access the signup page.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| YouPHPTube | YouPHPTube | 0 <= 7.8 | affected |
Weaknesses
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://www.exploit-db.com/exploits/51101
- https://web.archive.org/web/20170506141644/https://www.youphptube.com/
- https://www.vulncheck.com/advisories/youphptube-cross-site-scripting
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.