Browse all 4 CVE security advisories affecting yourls. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Yourls serves as a self-hosted URL shortening service, enabling users to create and manage custom short links. Historically, it has been susceptible to multiple security vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, as evidenced by its four recorded CVEs. These issues often stem from improper input validation and insufficient access controls. While no major public security incidents have been widely documented, the persistent presence of vulnerabilities highlights the importance of regular updates and proper configuration for secure deployment.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-0088 | Cross-Site Request Forgery (CSRF) in yourls/yourls — yourls/yourlsCWE-352 | 6.5 | - | 2022-04-03 |
| CVE-2021-3785 | Cross-site Scripting (XSS) - Stored in yourls/yourls — yourls/yourlsCWE-79 | 6.1 | - | 2021-09-15 |
| CVE-2021-3783 | Cross-site Scripting (XSS) - Reflected in yourls/yourls — yourls/yourlsCWE-79 | 6.1 | - | 2021-09-15 |
| CVE-2021-3734 | Improper Restriction of Rendered UI Layers or Frames in yourls/yourls — yourls/yourlsCWE-1021 | 8.8 | - | 2021-08-26 |
This page lists every published CVE security advisory associated with yourls. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.