CVE-2024-58285

MEDIUM

Chyrp - XSS

Description

Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the title field that will execute when the post is viewed by other users, potentially stealing session cookies or performing client-side attacks.

Exploits (1)

exploitdb WORKING POC
by Ahmet Ümit BAYRAM · text · webapps · php
https://www.exploit-db.com/exploits/52013

Scores

CVSS v3 5.4
EPSS 0.0006
EPSS Percentile 17.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
chyrp/chyrp 2.5.2
Published Dec 10, 2025
Tracked Since Feb 18, 2026