Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3.
Advisories for Composer/Yourls/Yourls package
2022
2021
Cross-site Scripting
yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting
yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-Site Request Forgery (CSRF)
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames
2020
Cross-site Scripting
Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel - An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.
2019
Improper Authentication
YOURLS is affected by a type juggling vulnerability in the api component that can result in login bypass.