{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-07-13T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the action parameter to (1) the default URI or (2) includes/javascript.php, or the (3) title or (4) body parameter to admin/help.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "8312", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8312"}, {"name": "chyrp-multiple-xss(68563)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68563"}, {"tags": ["x_refsource_MISC"], "url": "http://www.justanotherhacker.com/advisories/JAHx113.txt"}, {"name": "48672", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/48672"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ocert.org/advisories/ocert-2011-001.html"}, {"name": "73888", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/73888"}, {"name": "20110713 [oCERT-2011-001] Chyrp input sanitization errors", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/518890/100/0/threaded"}, {"name": "73887", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/73887"}, {"name": "73889", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/73889"}, {"name": "45184", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45184"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-2743", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the action parameter to (1) the default URI or (2) includes/javascript.php, or the (3) title or (4) body parameter to admin/help.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "8312", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8312"}, {"name": "chyrp-multiple-xss(68563)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68563"}, {"name": "http://www.justanotherhacker.com/advisories/JAHx113.txt", "refsource": "MISC", "url": "http://www.justanotherhacker.com/advisories/JAHx113.txt"}, {"name": "48672", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48672"}, {"name": "http://www.ocert.org/advisories/ocert-2011-001.html", "refsource": "MISC", "url": "http://www.ocert.org/advisories/ocert-2011-001.html"}, {"name": "73888", "refsource": "OSVDB", "url": "http://osvdb.org/73888"}, {"name": "20110713 [oCERT-2011-001] Chyrp input sanitization errors", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/518890/100/0/threaded"}, {"name": "73887", "refsource": "OSVDB", "url": "http://osvdb.org/73887"}, {"name": "73889", "refsource": "OSVDB", "url": "http://osvdb.org/73889"}, {"name": "45184", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45184"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-2743", "datePublished": "2011-07-19T21:00:00", "dateReserved": "2011-07-13T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chyrp:chyrp:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E12A398-5363-4270-95FB-D63F2A48E42B", "versionEndIncluding": "2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:chyrp:chyrp:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "98801229-48D2-4E7C-A265-D9C491A4E3D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:chyrp:chyrp:2.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "A971C020-10BE-4104-BAA1-7F2AA3ADC67C", "vulnerable": true}, {"criteria": "cpe:2.3:a:chyrp:chyrp:2.1:beta2:*:*:*:*:*:*", "matchCriteriaId": "BCB4ADC9-A75F-4C0F-AC8A-151457DA8DC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:chyrp:chyrp:2.1:rc:*:*:*:*:*:*", "matchCriteriaId": "9B551CE4-0EE0-4C38-99FC-971EDE95E25E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the action parameter to (1) the default URI or (2) includes/javascript.php, or the (3) title or (4) body parameter to admin/help.php."}, {"lang": "es", "value": "M\u00faltiples cross-site scripting (XSS) en Chyrp v2.1 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro de acci\u00f3n: (1) la URI por defecto o (2) includes / javascript.php, o (3) el t\u00edtulo o (4) par\u00e1metros de cuerpo a admin / help.php."}], "id": "CVE-2011-2743", "lastModified": "2018-10-09T19:32:59.260", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-07-19T21:55:00.743", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/73887"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/73888"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/73889"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45184"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8312"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.justanotherhacker.com/advisories/JAHx113.txt"}, {"source": "cve@mitre.org", "url": "http://www.ocert.org/advisories/ocert-2011-001.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/518890/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/48672"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68563"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}