Chyrp CMS 2.5.2: XSSDate: 2015-10-07 15:48:57
|Affected Product:||Chyrp CMS 2.5.2|
|Fixed in:||not fixed|
|Fixed Version Link:||n/a|
|Reported to vendor:||09/01/2015|
|Disclosed to public:||10/07/2015|
|Release mode:||Full Disclosure|
|Credits||Tim Coen of Curesec GmbH|
2. Vulnerability Description
The vulnerability exists because the key of all GET arguments is echoed without encoding.
3. Proof of Concept
This issue was not fixed by the vendor.
6. Report Timeline
|09/01/2015||Informed Vendor about Issue (no reply)|
|09/22/2015||Reminded Vendor of disclosure date (no reply)|
|10/07/2015||Disclosed to public|