Is yourls/yourls affected by GHSA-6mp4-q625-mxjp?

Packagist yourls/yourls is affected in <=1.10.2.

Is GHSA-6mp4-q625-mxjp being exploited?

Not on the CISA KEV list. EPSS exploit probability is not available.

high

GHSA-6mp4-q625-mxjp

Q: Is GHSA-6mp4-q625-mxjp being exploited?

Not on the CISA KEV list. EPSS exploit probability is not available.

Packagist · yourls/yourls

Summary

YOURLS is vulnerable to XSS through JSONP and Callback request parameters

Severity: high
Published: 2025-12-30

References

https://github.com/YOURLS/YOURLS/security/advisories/GHSA-6mp4-q625-mxjp
https://github.com/YOURLS/YOURLS/commit/b1c6100e0aa6fef58c9c1a394ccc19352c3a480a
https://github.com/YOURLS/YOURLS

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.