Description

YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.

Remediation

References

CVE-2019-14537

Related Vulnerabilities

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2606)

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44946)

WordPress Plugin WP Project Manager-Task, team, and project management featuring kanban board and gantt charts Cross-Site Scripting (2.4.13)

MySQL CVE-2014-6500 Vulnerability (CVE-2014-6500)

WordPress 3.7.3 Multiple Vulnerabilities (3.7 - 3.7.3)

Severity

Critical

Classification

CVE-2019-14537 CWE-843 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities