CVE-2021-47750

MEDIUM

YouPHPTube <= 7.8 - Cross-Site Scripting via Signup RedirectUri Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47750. PoCs published by Rafael Pedrero.

AI-analyzed exploit summary The exploit demonstrates a Local File Inclusion (LFI) vulnerability in YouPHPTube <= 7.8 via the 'lang' parameter, allowing unauthenticated path traversal to include arbitrary files. It also includes a reflected XSS proof-of-concept via the 'redirectUri' parameter.

Description

YouPHPTube <= 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they access the signup page.

Exploits (1)

exploitdb WORKING POC
by Rafael Pedrero · textwebappsphp
https://www.exploit-db.com/exploits/51101

The exploit demonstrates a Local File Inclusion (LFI) vulnerability in YouPHPTube <= 7.8 via the 'lang' parameter, allowing unauthenticated path traversal to include arbitrary files. It also includes a reflected XSS proof-of-concept via the 'redirectUri' parameter.

Classification
Working Poc 95%
Attack Type
Info Leak | Xss
Complexity
Trivial
Reliability
Reliable
Target: YouPHPTube <= 7.8
No auth needed
Prerequisites: Access to the target web application
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit
https://www.exploit-db.com/exploits/51101

Scores

CVSS v3 6.1
EPSS 0.0030
EPSS Percentile 21.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
youphptube/youphptube < 7.8
YouPHPTube/YouPHPTube < 7.8
Published Jan 13, 2026
Tracked Since Feb 18, 2026