Unrated severityNVD Advisory· Published Dec 10, 2025· Updated Mar 5, 2026

Chyrp 2.5.2 Stored Cross-Site Scripting Vulnerability via Post Title

CVE-2024-58285

Description

Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the title field that will execute when the post is viewed by other users, potentially stealing session cookies or performing client-side attacks.

Affected products

Chyrp/Chyrpv5
Range: 2.5.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/52013mitreexploit
www.vulncheck.com/advisories/chyrp-stored-cross-site-scripting-vulnerability-via-post-titlemitrethird-party-advisory
github.com/chyrp/chyrp/archive/refs/tags/v2.5.2.zipmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000