AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator.
References
Link | Resource |
---|---|
http://avideoyouphptube.com | Broken Link Product URL Repurposed |
https://synacktiv.com | Product |
https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf | Exploit Vendor Advisory |
http://avideoyouphptube.com | Broken Link Product URL Repurposed |
https://synacktiv.com | Product |
https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf | Exploit Vendor Advisory |
Configurations
History
21 Nov 2024, 05:55
Type | Values Removed | Values Added |
---|---|---|
References | () http://avideoyouphptube.com - Broken Link, Product, URL Repurposed | |
References | () https://synacktiv.com - Product | |
References | () https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf - Exploit, Vendor Advisory |
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | () http://avideoyouphptube.com - Broken Link, Product, URL Repurposed |
08 Nov 2021, 15:55
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
CPE | cpe:2.3:a:youphptube:youphptube:*:*:*:*:*:*:*:* | |
References | (MISC) https://synacktiv.com - Product | |
References | (MISC) https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf - Exploit, Vendor Advisory | |
References | (MISC) http://avideoyouphptube.com - Broken Link, Product |
01 Nov 2021, 12:46
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-01 12:15
Updated : 2024-11-21 05:55
NVD link : CVE-2021-25878
Mitre link : CVE-2021-25878
CVE.ORG link : CVE-2021-25878
JSON object : View
Products Affected
youphptube
- youphptube
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')