Summary
The host is running Chyrp and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow an attacker to hijack the administrator's session, to read arbitrary accessible files, or to gain sensitive information by executing arbitrary scripts.
Impact Level: Application
Solution
Upgrade to Chyrp version 2.1.1 or later.
For updates refer to http://chyrp.net/
Insight
Multiple flaws are due to:
- Insufficient input sanitisation of the parameters passed to the administration settings pages, the JavaScript handler and the index handler, which leads to arbitrary JavaScript injection in the context of the user session.
- Insufficient path sanitisation of the root 'action' query string parameter.
- The 'title' and 'body' parameters are not initialised in the 'admin/help.php' file, resulting in cross-site scripting.
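The uninitialised-parameter flaw above is a recognisable PHP pattern: a variable that is echoed but never assigned can be supplied by the request when register_globals is enabled. The following is an added example, not Chyrp's code; the file layout, the $HELP_TOPICS table and the render_help() function are hypothetical, and it shows the vulnerable shape as a comment beside a hardened version that initialises every variable and escapes output.

```php
<?php
// Added example, not Chyrp's code: a hypothetical admin help page in the
// spirit of the 'admin/help.php' flaw described above. Names are assumed.

// Vulnerable shape (kept as a comment so this file runs only the fixed form):
//
//   <?php
//   // $title and $body are never assigned. With register_globals=On
//   // (PHP < 5.4) a ?title=...&body=... request creates them, and they are
//   // echoed unescaped, so request-controlled markup lands in the page.
//   echo "<h1>$title</h1><div>$body</div>";

// Hardened version: content comes only from a fixed table keyed by a
// known topic, every variable is initialised before use, and output is
// escaped at the HTML boundary.
$HELP_TOPICS = [
    'filters'  => ['title' => 'Filters',
                   'body'  => 'Filters transform post text before it is shown.'],
    'markdown' => ['title' => 'Markdown',
                   'body'  => 'Markdown is a lightweight formatting syntax.'],
];

function render_help(array $topics, ?string $requested): string
{
    // Unconditional initialisation: no code path reads an unset variable.
    $title = 'Help';
    $body  = 'No help is available for that topic.';

    // Only a key that exists in the table selects content; the request
    // value itself is never echoed.
    if ($requested !== null && isset($topics[$requested])) {
        $title = $topics[$requested]['title'];
        $body  = $topics[$requested]['body'];
    }

    // Escape regardless of origin; the table is trusted today but may not be.
    $safeTitle = htmlspecialchars($title, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $safeBody  = htmlspecialchars($body,  ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<h1>' . $safeTitle . '</h1><div>' . $safeBody . '</div>';
}

// Constructed requests: a known topic, then an unknown one carrying markup.
echo render_help($HELP_TOPICS, $_GET['topic'] ?? 'filters'), "\n";
echo render_help($HELP_TOPICS, '<b>not-a-topic</b>'), "\n";
```

The second call falls through to the initialised defaults, so the markup in the request never reaches the response.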
Affected
Chyrp version prior to 2.1.1
References
Updated on 2015-03-25
Severity
CVSS Base Score: 4.3 (CVSS v2 vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Classification
CVE-2011-2743