2 vulnerabilities found for Chyrp by Chyrp
CVE-2024-58285 (GCVE-0-2024-58285)
Vulnerability from cvelistv5
Published
2025-12-10 21:15
Modified
2026-03-05 12:03
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
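Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the title field that execute when the post is viewed by other users, potentially stealing session cookies or performing other client-side attacks. Note for triage: the description requires an authenticated user, but the record's CVSS 4.0 vector scores privileges required as none (PR:N), and its CPE match names chyrp_lite while the affected product is listed as Chyrp, so confirm both against your deployment before relying on the base score or on automated CPE matching.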
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58285",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:40:49.193816Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:40:59.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52013"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Chyrp",
"vendor": "chyrp",
"versions": [
{
"status": "affected",
"version": "2.5.2"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chyrplite:chyrp_lite:2.5.2:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ahmet \u00dcmit BAYRAM"
}
],
"datePublic": "2024-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eChyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the title field that will execute when the post is viewed by other users, potentially stealing session cookies or performing client-side attacks.\u003c/p\u003e"
}
],
"value": "Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the title field that will execute when the post is viewed by other users, potentially stealing session cookies or performing client-side attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T12:03:33.851Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-52013",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52013"
},
{
"name": "Chyrp GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/chyrp/"
},
{
"name": "Chyrp Software Archive",
"tags": [
"product"
],
"url": "https://github.com/chyrp/chyrp/archive/refs/tags/v2.5.2.zip"
},
{
"name": "VulnCheck Advisory: Chyrp 2.5.2 Stored Cross-Site Scripting Vulnerability via Post Title",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/chyrp-stored-cross-site-scripting-vulnerability-via-post-title"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Chyrp 2.5.2 Stored Cross-Site Scripting Vulnerability via Post Title",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58285",
"datePublished": "2025-12-10T21:15:16.334Z",
"dateReserved": "2025-12-10T14:35:24.455Z",
"dateUpdated": "2026-03-05T12:03:33.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
jvndb-2014-000149
Vulnerability from jvndb
Published
2014-12-10 14:18
Modified
2014-12-15 18:06
Summary
Chyrp vulnerable to cross-site scripting
Details
Chyrp is a blogging engine. Chyrp contains a cross-site scripting vulnerability (CWE-79); the record's references identify it as CVE-2014-7264.
Yuji Tounai of NTT Com Security (Japan) KK reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000149.html",
"dc:date": "2014-12-15T18:06+09:00",
"dcterms:issued": "2014-12-10T14:18+09:00",
"dcterms:modified": "2014-12-15T18:06+09:00",
"description": "Chyrp is a blogging engine. Chyrp contains a cross-site scripting vulnerability.\r\n\r\nYuji Tounai of NTT Com Security (Japan) KK reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000149.html",
"sec:cpe": {
"#text": "cpe:/a:chyrp:chyrp",
"@product": "Chyrp",
"@vendor": "Chyrp",
"@version": "2.2"
},
"sec:cvss": {
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000149",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN13160869/index.html",
"@id": "JVN#13160869",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7264",
"@id": "CVE-2014-7264",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7264",
"@id": "CVE-2014-7264",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Chyrp vulnerable to cross-site scripting"
}