Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the title field that will execute when the post is viewed by other users, potentially stealing session cookies or performing client-side attacks.
References
| Link | Resource |
|---|---|
| https://github.com/chyrp/ | Product |
| https://github.com/chyrp/chyrp/archive/refs/tags/v2.5.2.zip | Release Notes |
| https://www.exploit-db.com/exploits/52013 | Exploit Third Party Advisory |
| https://www.vulncheck.com/advisories/chyrp-stored-cross-site-scripting-vulnerability-via-post-title | Third Party Advisory |
| https://www.exploit-db.com/exploits/52013 | Exploit Third Party Advisory |
Configurations
History
19 Dec 2025, 17:40
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
| First Time |
Chyrp
Chyrp chyrp |
|
| CPE | cpe:2.3:a:chyrp:chyrp:2.5.2:*:*:*:*:*:*:* | |
| References | () https://github.com/chyrp/ - Product | |
| References | () https://github.com/chyrp/chyrp/archive/refs/tags/v2.5.2.zip - Release Notes | |
| References | () https://www.exploit-db.com/exploits/52013 - Exploit, Third Party Advisory | |
| References | () https://www.vulncheck.com/advisories/chyrp-stored-cross-site-scripting-vulnerability-via-post-title - Third Party Advisory |
11 Dec 2025, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.exploit-db.com/exploits/52013 - |
10 Dec 2025, 22:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-10 22:16
Updated : 2025-12-19 17:40
NVD link : CVE-2024-58285
Mitre link : CVE-2024-58285
CVE.ORG link : CVE-2024-58285
JSON object : View
Products Affected
chyrp
- chyrp
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')