Test ID: 1.3.6.1.4.1.25623.1.0.802311
Category: Web application abuses
Title: Chyrp < 2.1.1 Multiple Vulnerabilities
Summary: Chyrp is prone to multiple vulnerabilities.
Description:
Summary:
Chyrp is prone to multiple vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- Insufficient input sanitisation of the parameters passed to the administration settings pages,
the javascript handler and the index handler allows arbitrary JavaScript injection in the context
of the user's session.

- Insufficient path sanitisation on the root 'action' query string parameter.

- 'title' and 'body' parameters are not initialised in the 'admin/help.php' file resulting in
cross-site scripting (XSS).

Vulnerability Impact:
Successful exploitation will allow an attacker to hijack the administrator's session, to read
arbitrary accessible files, or to gain sensitive information by executing arbitrary scripts.

Affected Software/OS:
Chyrp version prior to 2.1.1.

Solution:
Update to version 2.1.1 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2011-2743
BugTraq ID: 48672
http://www.securityfocus.com/bid/48672
Bugtraq: 20110713 [oCERT-2011-001] Chyrp input sanitization errors
http://www.securityfocus.com/archive/1/518890/100/0/threaded
http://www.justanotherhacker.com/advisories/JAHx113.txt
http://www.ocert.org/advisories/ocert-2011-001.html
http://osvdb.org/73887
http://osvdb.org/73888
http://osvdb.org/73889
http://secunia.com/advisories/45184
http://securityreason.com/securityalert/8312
XForce ISS Database: chyrp-multiple-xss(68563)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68563
Copyright: Copyright (C) 2011 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about how to run a complete security audit.

To run a free test of this vulnerability against your system, register now.
© 1998-2025 E-Soft Inc. All rights reserved.