Camaleon CMS vulnerable to Stored Cross-site Scripting

GHSA-7f84-9cqf-g4j9 · CVE-2018-18260

Published May 13, 2022 · Modified Nov 8, 2023

Description

In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User settings section can be run in the update / upload area via /admin/media/upload?actions=false.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-18260
PACKAGE https://github.com/owen2345/camaleon-cms
WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2018-18260.yml
WEB http://packetstormsecurity.com/files/149772/CAMALEON-CMS-2.4-Cross-Site-Scripting.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes