CVE-2024-58285

Name of the Vulnerable Software and Affected Versions Chyrp version 2.5.2

Description An authenticated user can inject malicious scripts into post titles. This is a stored cross-site scripting issue. An attacker can create payloads within the title field that will execute when a post is viewed by other users. This could lead to the theft of session cookies or other client-side attacks. The vulnerable parameter is the post title.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.