Test ID: 1.3.6.1.4.1.25623.1.0.802311
Category: Web application abuses
Title: Chyrp < 2.1.1 Multiple Vulnerabilities
Summary: Chyrp is prone to multiple vulnerabilities.
Description:
Summary:
Chyrp is prone to multiple vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- Insufficient input sanitisation on the parameters passed to pages related to administration
settings, the javascript handler and the index handler leads to arbitrary javascript injection in
the context of the user session.

- Insufficient path sanitisation on the root 'action' query string parameter.

- 'title' and 'body' parameters are not initialised in the 'admin/help.php' file resulting in
cross-site scripting (XSS).

Vulnerability Impact:
Successful exploitation will allow an attacker to hijack the administrator's session, to read
arbitrary accessible files, or to gain sensitive information by executing arbitrary scripts.

Affected Software/OS:
Chyrp version prior to 2.1.1.

Solution:
Update to version 2.1.1 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2011-2743
BugTraq ID: 48672
http://www.securityfocus.com/bid/48672
Bugtraq: 20110713 [oCERT-2011-001] Chyrp input sanitization errors
http://www.securityfocus.com/archive/1/518890/100/0/threaded
http://www.justanotherhacker.com/advisories/JAHx113.txt
http://www.ocert.org/advisories/ocert-2011-001.html
http://osvdb.org/73887
http://osvdb.org/73888
http://osvdb.org/73889
http://secunia.com/advisories/45184
http://securityreason.com/securityalert/8312
XForce ISS Database: chyrp-multiple-xss(68563)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68563
Copyright: Copyright (C) 2011 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.