CVE-2012-1001
published 2019-11-21CVE-2012-1001: Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML…
PriorityP335medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
3.56%
87.9th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chyrp | chyrp | < 2.1.2 | 2.1.2 |
| chyrp | chyrp | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
sudo 1.8.0 < 1.8.3p1 - 'sudo_debug' glibc FORTIFY_SOURCE Bypass + Privilege Escalation
exploitdb·2013-05-01·CVSS 7.2
CVE-2012-0809 [HIGH] sudo 1.8.0 < 1.8.3p1 - 'sudo_debug' glibc FORTIFY_SOURCE Bypass + Privilege Escalation
sudo 1.8.0
A�AF@ F@ F@ F@ F@ ' from LD_PRELOAD cannot be preloaded: ignored.
%1073825311%21372736 %: settings:
=
%1073825311%21372736 %: settings:
=
%1073825311%21372736 %: sudo_mode 1081383169
Sorry, try again.
Sorry, try again.
Sorry, try again.
%20$08n %*482$ %*2850$ %1073741824$: 3 incorrect password attempts
%1073886251%21372736 %: policy plugin returns 1081402445
[+] Getting root..!
[+] Cleaning system.
[+] Launching root shell!
sh-4.2# id; uname -a
uid=0(root) gid=1001(aeon) groups=0(root),1001(aeon) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Linux localhost.localdomain 3.1.0-7.fc16.i686.PAE #1 SMP Tue Nov 1 20:53:45 UTC 2011 i686 i686 i386 GNU/Linux
sh-4.2# head -n1 /etc/shadow
root:$6$YxDB.SNvtnqhtt.T$slIOJSl7Lz07PtDF23m1G0evZH4MXvpo1VNebUUasM/je2sP6FXi2
Exploit-DB
Chyrp 2.1.2 - '/includes/error.php?body' Cross-Site Scripting
exploitdb·2012-02-22
CVE-2012-1001 Chyrp 2.1.2 - '/includes/error.php?body' Cross-Site Scripting
Chyrp 2.1.2 - '/includes/error.php?body' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/52117/info
Chyrp is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
Chyrp 2.1.2 is vulnerable; other versions may also be affected.
alert(document.cookie);' />
Exploit-DB
Chyrp 2.1.1 - 'ajax.php' HTML Injection
exploitdb·2012-02-22
CVE-2012-1001 Chyrp 2.1.1 - 'ajax.php' HTML Injection
Chyrp 2.1.1 - 'ajax.php' HTML Injection
---
source: https://www.securityfocus.com/bid/52115/info
Chyrp is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
Chyrp 2.1.1 is vulnerable; other versions may also be affected.
alert(document.cookie);' />
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2012-02/0121.htmlhttp://chyrp.net/2012/02/02/heres-whats-been-going-on-recently/http://www.securityfocus.com/bid/52115http://www.securityfocus.com/bid/52117https://github.com/vito/chyrp/commit/f69bd791c37e0b154c0bda16f9759ba19cc77f6chttps://www.htbridge.ch/advisory/HTB23073http://archives.neohapsis.com/archives/bugtraq/2012-02/0121.htmlhttp://chyrp.net/2012/02/02/heres-whats-been-going-on-recently/http://www.securityfocus.com/bid/52115http://www.securityfocus.com/bid/52117https://github.com/vito/chyrp/commit/f69bd791c37e0b154c0bda16f9759ba19cc77f6chttps://www.htbridge.ch/advisory/HTB23073
2019-11-21
Published