CVE-2014-7264
Published
CVSS v3
N/A
CVSS v2
3.5
LOW
Affected
1
PROJECT
Description
Multiple cross-site scripting (XSS) vulnerabilities in admin/themes/default/pages/manage_users.twig in the Users Management feature in the admin component in Chyrp before 2.5.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user.email or (2) user.website field in a user registration.
The ultra-lightweight ultra-flexible blogging engine with a fetish for birds and misspellings.
GitHub