CVE-2021-47750
Cross-Site Scripting in YouPHPTube Signup RedirectUri Parameter

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: VulnCheck

Description
YouPHPTube <= 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they access the signup page.
Meta Information
Published: 2026-01-13
Last Modified: 2026-01-13
Generated: 2026-05-07
AI Q&A: 2026-01-14
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: youphptube
Product: youphptube
Version / Range: up to 7.8 (inclusive)
Weakness (CWE)
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2021-47750 is a cross-site scripting (XSS) vulnerability in YouPHPTube versions up to 7.8. It occurs because the redirectUri parameter on the signup page is not properly sanitized, allowing attackers to inject malicious scripts. By crafting special signup URLs containing embedded script tags, attackers can execute arbitrary JavaScript in the browsers of users who visit these URLs. [1, 3]


How can this vulnerability impact me?

This vulnerability can allow attackers to execute arbitrary JavaScript code in the browsers of users who access the crafted signup URLs. This can lead to session hijacking, phishing attacks, or other malicious actions performed in the context of the victim's browser, potentially compromising user security and privacy. [1, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing the signup page's redirectUri parameter for reflected cross-site scripting (XSS). You can craft and visit URLs with script tags embedded in the redirectUri parameter to see if the script executes. For example, accessing a URL like: http://<your_youphptube_domain>/signup?redirectUri='"()%26%25<ScRipt>alert(1)</ScRipt> will trigger an alert box if vulnerable. Additionally, monitoring web server logs for suspicious signup URLs containing script tags in the redirectUri parameter can help detect exploitation attempts. [3]
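
The log-monitoring check described above, as an added example that is not part of the original page or of YouPHPTube: it flags signup requests whose redirectUri decodes to markup, including double-encoded values. It assumes combined-format access logs and a signup path ending in /signup; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that have no place in a redirect URL but are needed to inject markup.
MARKUP_RE = re.compile(r"[<>\"']")

def decode_fully(value, max_rounds=3):
    """Undo extra layers of percent-encoding (%253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_redirect_uri(log_line):
    """Return the decoded redirectUri of a signup request that carries markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    try:
        target = urlsplit(match.group(1))
    except ValueError:  # malformed request target
        return None
    # Assumption: the signup page is served at a path ending in /signup.
    if not target.path.rstrip("/").lower().endswith("/signup"):
        return None
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        decoded = decode_fully(value)  # parse_qsl already removed one encoding layer
        if name.lower() == "redirecturi" and MARKUP_RE.search(decoded):
            return decoded
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    found = ((n, suspicious_redirect_uri(line)) for n, line in enumerate(lines, start=1))
    return [(n, value) for n, value in found if value is not None]

# Constructed sample entries (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [14/Jan/2026:10:00:01 +0000] "GET /signup?redirectUri=%3CScRipt%3Ealert(1)%3C/ScRipt%3E HTTP/1.1" 200 5120',
    '203.0.113.5 - - [14/Jan/2026:10:00:09 +0000] "GET /signup?redirectUri=%253CScRipt%253Ealert(1)%253C%252FScRipt%253E HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Jan/2026:10:01:30 +0000] "GET /signup?redirectUri=https%3A%2F%2Fvideos.example.test%2Fchannel%2F7 HTTP/1.1" 200 5098',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A hit shows that a crafted URL was requested, not that the script ran in a browser; correlate flagged lines with the referrer and client address to find who received the link.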


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating YouPHPTube to a version later than 7.8 where this vulnerability is fixed. If an update is not possible, implement input validation and proper encoding/sanitization on the redirectUri parameter to prevent script injection. Additionally, restrict user input on the signup page and consider using web application firewalls (WAF) to block malicious requests containing script tags in parameters. Educate users to avoid clicking suspicious signup URLs. [1, 3]

