CVE-2011-2743 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the action parameter to (1) the default URI or (2) includes/javascript.php or the (3) title or (4) body parameter to admin/help.php.

Reference

http://osvdb.org/73887 http://osvdb.org/73888 http://osvdb.org/73889 http://secunia.com/advisories/45184 http://securityreason.com/securityalert/8312 http://www.justanotherhacker.com/advisories/JAHx113.txt http://www.ocert.org/advisories/ocert-2011-001.html http://www.securityfocus.com/archive/1/518890/100/0/threaded http://www.securityfocus.com/bid/48672 https://exchange.xforce.ibmcloud.com/vulnerabilities/68563