{"id":"CVE-2017-1000008","details":"Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password.","modified":"2026-03-13T23:19:11.431050Z","published":"2017-07-17T13:18:16.157Z","references":[{"type":"ADVISORY","url":"https://github.com/xenocrat/chyrp-lite/commit/79bb2de7f57d163d256b6bdb127dc09cfdb6235a"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/xenocrat/chyrp-lite","events":[{"introduced":"0"},{"last_affected":"5fdec05c891d06f5300a8e33ab7cbb18ef7a92a9"},{"fixed":"79bb2de7f57d163d256b6bdb127dc09cfdb6235a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2016.04"}]}}],"versions":["v2015.06","v2015.07","v2016.01","v2016.02","v2016.03","v2016.04"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000008.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}