Unrated severityNVD Advisory· Published Dec 11, 2014· Updated May 6, 2026

CVE-2014-7264

Description

Multiple cross-site scripting (XSS) vulnerabilities in admin/themes/default/pages/manage_users.twig in the Users Management feature in the admin component in Chyrp before 2.5.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user.email or (2) user.website field in a user registration.

Affected products

Chyrp/Chyrp
cpe:2.3:a:chyrp:chyrp:*:*:*:*:*:*:*:*
Range: <=2.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

chyrp.net/2014/11/18/chyrp-251-security-release/nvdVendor Advisory
jvn.jp/en/jp/JVN13160869/index.htmlnvdVendor Advisory
jvndb.jvn.jp/jvndb/JVNDB-2014-000149nvdVendor Advisory
github.com/chyrp/chyrp/commit/43d1b6b266363ae7545d5d49851034eaeec7bebbnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000