QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-58285

Back to search

CVE-2024-58285

Published: Dec 10, 2025

Modified: Mar 5, 2026

PUBLISHED

Description

Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the title field that will execute when the post is viewed by other users, potentially stealing session cookies or performing client-side attacks.

VendorProductVersions

chyrp

Chyrp

affected
2.5.2

Weaknesses (CWE)

CWE-79

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now