Chyrp Multiple Vulnerabilities

Summary
The host is running Chyrp and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows an attacker to hijack the administrator's session, read arbitrary accessible files, or gain sensitive information by executing arbitrary scripts. Impact Level: Application
Solution
Upgrade to Chyrp version 2.1.1 or later. For updates, refer to http://chyrp.net/
Insight
The flaws are due to:
- Insufficient input sanitisation on the parameters passed to pages related to administration settings, the JavaScript handler and the index handler, which leads to arbitrary JavaScript injection in the context of the user session.
- Insufficient path sanitisation on the root 'action' query string parameter.
- The 'title' and 'body' parameters are not initialised in the 'admin/help.php' file, resulting in cross-site scripting.
Affected
Chyrp versions prior to 2.1.1