exploitDog

CVE-2024-58285

Опубликовано: 10 дек. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the title field that will execute when the post is viewed by other users, potentially stealing session cookies or performing client-side attacks.

Ссылки

https://github.com/chyrp/
Product
https://github.com/chyrp/chyrp/archive/refs/tags/v2.5.2.zip
Release Notes
https://www.exploit-db.com/exploits/52013
Exploit
Third Party Advisory
https://www.vulncheck.com/advisories/chyrp-stored-cross-site-scripting-vulnerability-via-post-title
Third Party Advisory
https://www.exploit-db.com/exploits/52013
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:chyrp:chyrp:2.5.2:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00036

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-crjg-wx7c-rfjc

CVSS3: 5.4

github

около 2 месяцев назад

Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the title field that will execute when the post is viewed by other users, potentially stealing session cookies or performing client-side attacks.

EPSS

Процентиль: 10%

0.00036

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79