What is CVE-2020-27388?

CVE-2020-27388 is a vulnerability that allows an authenticated user to upload a PHP plugin with a malicious payload, resulting in multiple stored Cross Site Scripting (XSS) issues in the YOURLS Admin Panel versions 1.5 - 1.7.10.

How severe is CVE-2020-27388?

CVE-2020-27388 has a severity score of 5.4, which is classified as medium severity.

What is the affected software for CVE-2020-27388?

The affected software for CVE-2020-27388 is YOURLS Admin Panel versions 1.5 - 1.7.10.

How can an attacker exploit CVE-2020-27388?

An attacker can exploit CVE-2020-27388 by modifying a PHP plugin with a malicious payload and uploading it to the YOURLS Admin Panel.

Are there any references for CVE-2020-27388?

Yes, you can find references for CVE-2020-27388 at the following links: http://yourls.com, https://github.com/YOURLS/YOURLS/pull/2761, https://johnjhacking.com/blog/cve-2020-27388/

Vulnerability/
CVE-2020-27388

medium

5.4

CWE

23/10/2020

24/5/2022

4/8/2024

CVE-2020-27388: XSS

First published: Fri Oct 23 2020(Updated: )

Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
composer/yourls/yourls	>=1.5<1.8	1.8
Yourls Yourls	>=1.5<=1.7.10

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-27388?
CVE-2020-27388 is a vulnerability that allows an authenticated user to upload a PHP plugin with a malicious payload, resulting in multiple stored Cross Site Scripting (XSS) issues in the YOURLS Admin Panel versions 1.5 - 1.7.10.
How severe is CVE-2020-27388?
CVE-2020-27388 has a severity score of 5.4, which is classified as medium severity.
What is the affected software for CVE-2020-27388?
The affected software for CVE-2020-27388 is YOURLS Admin Panel versions 1.5 - 1.7.10.
How can an attacker exploit CVE-2020-27388?
An attacker can exploit CVE-2020-27388 by modifying a PHP plugin with a malicious payload and uploading it to the YOURLS Admin Panel.
Are there any references for CVE-2020-27388?
Yes, you can find references for CVE-2020-27388 at the following links: http://yourls.com, https://github.com/YOURLS/YOURLS/pull/2761, https://johnjhacking.com/blog/cve-2020-27388/

collector/nvd-index
agent/type
collector/github-advisory-latest
source/GitHub
alias/GHSA-pwgg-r6fq-mf94
alias/CVE-2020-27388
agent/software-canonical-lookup
agent/severity
agent/weakness
agent/references
agent/author
agent/description
collector/nvd-cve
source/NVD
collector/github-advisory
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/first-publish-date
agent/event
agent/trending
vendor/yourls
canonical/yourls yourls
version/yourls yourls/1.5
version/yourls yourls/1.7.10
package-manager/composer

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.