CVE-2012-1001

MEDIUM

Chyrp < 2.1.2 - Cross-Site Scripting via Content or Body Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-1001. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Chyrp 2.1.2 by submitting a malicious script via a POST request to error.php, which executes arbitrary JavaScript in the context of the user's browser.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/36875

This exploit demonstrates an HTML injection vulnerability in Chyrp 2.1.2 by submitting a malicious script via a POST request to error.php, which executes arbitrary JavaScript in the context of the user's browser.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Chyrp 2.1.2
No auth needed
Prerequisites: Access to the target's error.php endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/36874

This exploit demonstrates an HTML injection vulnerability in Chyrp 2.1.1 by submitting a malicious script via a form to the ajax.php endpoint, which fails to sanitize user input. The script executes in the context of the affected browser, potentially stealing cookies or manipulating the site's rendering.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Chyrp 2.1.1
No auth needed
Prerequisites: Access to the target's ajax.php endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.htbridge.ch/advisory/HTB23073
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/52115
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/52117

Scores

CVSS v3 6.1
EPSS 0.0356
EPSS Percentile 87.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
chyrp/chyrp 2.5.2 b1
chyrp/chyrp < 2.1.2
Published Nov 21, 2019
Tracked Since Feb 18, 2026