CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-8488

Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 48.9%

CVSS Severity

CVSS v2 Score 4.3

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156526.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156564.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156596.html
http://seclists.org/fulldisclosure/2014/Oct/111
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156526.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156564.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156596.html
http://seclists.org/fulldisclosure/2014/Oct/111

Products affected by CVE-2014-8488

Yourls » Yourls » Version: 1.7

cpe:2.3:a:yourls:yourls:1.7
Fedoraproject » Fedora » Version: 20

cpe:2.3:o:fedoraproject:fedora:20
Fedoraproject » Fedora » Version: 21

cpe:2.3:o:fedoraproject:fedora:21
Fedoraproject » Fedora » Version: 22

cpe:2.3:o:fedoraproject:fedora:22

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-8488

Products

Pricing

Contact Us