πŸ” CVE Alert

CVE-2024-58285

UNKNOWN 0.0

Chyrp 2.5.2 Stored Cross-Site Scripting Vulnerability via Post Title

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the title field that will execute when the post is viewed by other users, potentially stealing session cookies or performing client-side attacks.

CWE CWE-79
Vendor chyrp
Product chyrp
Published Dec 10, 2025
Last Updated Mar 5, 2026
Stay Ahead of the Next One

Get instant alerts for chyrp chyrp

Be the first to know when new unknown vulnerabilities affecting chyrp chyrp are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

chyrp / Chyrp
2.5.2

References

NVD β†— CVE.org β†— EPSS Data β†—
exploit-db.com: https://www.exploit-db.com/exploits/52013 github.com: https://github.com/chyrp/ github.com: https://github.com/chyrp/chyrp/archive/refs/tags/v2.5.2.zip vulncheck.com: https://www.vulncheck.com/advisories/chyrp-stored-cross-site-scripting-vulnerability-via-post-title

Credits

Ahmet Ümit BAYRAM