Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in admin/themes/default/pages/manage_users.twig in the Users Management feature in the admin component in Chyrp before 2.5.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user.email or (2) user.website field in a user registration.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chyrp | Chyrp | <= 2.5 |
Related Weaknesses (CWE)
References
- http://chyrp.net/2014/11/18/chyrp-251-security-release/Vendor Advisory
- http://jvn.jp/en/jp/JVN13160869/index.htmlVendor Advisory
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000149Vendor Advisory
- https://github.com/chyrp/chyrp/commit/43d1b6b266363ae7545d5d49851034eaeec7bebbVendor Advisory
- http://chyrp.net/2014/11/18/chyrp-251-security-release/Vendor Advisory
- http://jvn.jp/en/jp/JVN13160869/index.htmlVendor Advisory
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000149Vendor Advisory
- https://github.com/chyrp/chyrp/commit/43d1b6b266363ae7545d5d49851034eaeec7bebbVendor Advisory
FAQ
What is CVE-2014-7264?
CVE-2014-7264 is a vulnerability with a CVSS score of 3.5 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in admin/themes/default/pages/manage_users.twig in the Users Management feature in the admin component in Chyrp before 2.5.1 allow remote authentica...
How severe is CVE-2014-7264?
CVE-2014-7264 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-7264?
Check the references section above for vendor advisories and patch information. Affected products include: Chyrp Chyrp.