CVE-2022-0088
LOW3.5EPSS 0.60%Cross-Site Request Forgery in YOURLS
Published: 4/4/2022Modified: 2/18/2026
Also known as:GHSA-gx7g-wjxg-jwwj
Description
YOURLS versions 1.8.2 and prior are vulnerable to Cross-Site Request Forgery.
Affected packages (1)
- Packagist/yourls/yourlsfrom 0, <= 1.8.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0088
- PATCHhttps://github.com/yourls/yourls
- WEBhttps://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-0088.md
- WEBhttps://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59
- WEBhttps://github.com/YOURLS/YOURLS/issues/3170
- WEBhttps://github.com/YOURLS/YOURLS/pull/3264
- WEBhttps://huntr.dev/bounties/d01f0726-1a0f-4575-ae17-4b5319b11c29