CVE-2024-58285 - Chyrp Chyrp

Moderate 5.4

Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the title field that will execute when the post is viewed by other users, potentially stealing session cookies or performing client-side attacks.

Affected software

Chyrp Chyrp

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.