3 matches found
CVE-2011-2743
Multiple cross-site scripting XSS vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the action parameter to 1 the default URI or 2 includes/javascript.php, or the 3 title or 4 body parameter to admin/help.php...
Directory traversal
Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F encoded dot dot slash in the action parameter to the default URI...
CVE-2011-2744
CVE-2011-2744 is a directory traversal vulnerability in Chyrp 2.1 and earlier. The flaw allows remote attackers to include and execute local files via a encoded ../ in the action parameter to the default URI. The NVD entry lists a CVSS v2 base score of 6.8 (MEDIUM) with network access, requiring ...