Two vulnerabilities in Chyrp (HTB23073) were disclosed this week:
1. XSS in "content" parameter ("includes/ajax.php" script).
2. Cross-site scripting vulnerability in "body" POST parameter ("includes/error.php" script).
Vulnerability ID: HTB23073
Public Disclosure: 22 February 2012
Vulnerable Version(s): 2.5b1 and probably prior
Vulnerabilities Type: Cross Site Scripting (XSS)
Risk level: Medium
You can see more information about Cross Site Scripting.
No comments:
Post a Comment