Vulnerabilities > Youphptube > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-01 | CVE-2021-25875 | Cross-site Scripting vulnerability in Youphptube AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator. | 6.1 |
| 2021-11-01 | CVE-2021-25876 | Cross-site Scripting vulnerability in Youphptube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator. | 6.1 |
| 2021-11-01 | CVE-2021-25878 | Cross-site Scripting vulnerability in Youphptube AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator. | 6.1 |
| 2019-08-20 | CVE-2019-14430 | SQL Injection vulnerability in Youphptube plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection. | 5.3 |