Primary

Context

Chyrp Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in Chyrp version 2.5.2. This vulnerability allows authenticated users to inject malicious scripts into post titles. When the post is viewed by other users, the injected scripts are executed, potentially leading to session cookie theft or other client-side attacks.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the post.

Reproduction

To reproduce this vulnerability, log into Chyrp 2.5.2 and navigate to the 'Write' post section. Inject a script payload, such as an image tag with an 'onerror' event, into the 'Title' field. After publishing the post, the injected script will execute when the post is viewed.

Added: Dec 10, 2025, 10:29 PM

Updated: Dec 10, 2025, 10:29 PM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

5.4

exploitability

6.5

remediation

0.0

relevance

1.3

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

5.4

exploitability

6.5

remediation

0.0

relevance

1.3

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Chyrp Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

Chyrp

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating