Summary
The host is running Chyrp and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attacker to hijack the session of the administrator or to read arbitrary accessible files or to gain sensitive information by executing arbitrary scripts.
Impact Level: Application
Solution
Upgrade to Chyrp version 2.1.1 or later,
For updates refer to http://chyrp.net/
Insight
Multiple flaws are due to.
- Insufficient input sanitisation on the parameters passed to pages related to administration settings, the javascript handler and the index handler leads to arbitrary javascript injection in the context of the user session.
- Insufficient path sanitisation on the root 'action' query string parameter - 'title' and 'body' parameters are not initialised in the 'admin/help.php' file resulting in cross site scripting.
Affected
Chyrp version prior to 2.1.1
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-2743 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adobe ColdFusion Unspecified Information Disclosure Vulnerability
- Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
- Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
- @Mail WebMail Email Body HTML Injection Vulnerability