CVE-2011-2743

Chyrp < 2.1 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the action parameter to (1) the default URI or (2) includes/javascript.php, or the (3) title or (4) body parameter to admin/help.php.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Wireghoul · textwebappsphp

https://www.exploit-db.com/exploits/35943

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Wireghoul · textwebappsphp

https://www.exploit-db.com/exploits/35944

View Code ZIP pw:eip

References (10)

[Third Party Advisory, VDB Entry] http://osvdb.org/73887

[Third Party Advisory, VDB Entry] http://osvdb.org/73888

[Third Party Advisory, VDB Entry] http://osvdb.org/73889

[Vendor Advisory] http://secunia.com/advisories/45184

[Exploit] http://www.justanotherhacker.com/advisories/JAHx113.txt

[Various Sources] http://www.ocert.org/advisories/ocert-2011-001.html

[Exploit] http://www.securityfocus.com/bid/48672

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/68563

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/518890/100/0/threaded

[Third Party Advisory] http://securityreason.com/securityalert/8312

Scores

EPSS 0.1650

EPSS Percentile 94.8%

Classification

CWE

CWE-79

Status published

Affected Products (6)

chyrp/chyrp < 2.1

chyrp/chyrp

chyrp/chyrp

chyrp/chyrp

chyrp/chyrp

n/a/n/a

Timeline

Published Jul 19, 2011

Tracked Since Feb 18, 2026