Unrated severityNVD Advisory· Published Jul 19, 2011· Updated Apr 29, 2026

CVE-2011-2743

Description

Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the action parameter to (1) the default URI or (2) includes/javascript.php, or the (3) title or (4) body parameter to admin/help.php.

Affected products

Chyrp/Chyrp5 versions
cpe:2.3:a:chyrp:chyrp:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:chyrp:chyrp:*:*:*:*:*:*:*:*range: <=2.1
- cpe:2.3:a:chyrp:chyrp:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:chyrp:chyrp:2.1:beta1:*:*:*:*:*:*
- cpe:2.3:a:chyrp:chyrp:2.1:beta2:*:*:*:*:*:*
- cpe:2.3:a:chyrp:chyrp:2.1:rc:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.justanotherhacker.com/advisories/JAHx113.txtnvdExploit
www.securityfocus.com/bid/48672nvdExploit
secunia.com/advisories/45184nvdVendor Advisory
osvdb.org/73887nvd
osvdb.org/73888nvd
osvdb.org/73889nvd
securityreason.com/securityalert/8312nvd
www.ocert.org/advisories/ocert-2011-001.htmlnvd
www.securityfocus.com/archive/1/518890/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/68563nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.012
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000