An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS03Zjg0LTljcWYtZzRqOc3r0A

Moderate EPSS: 0.00328% (0.54776 Percentile)

Camaleon CMS vulnerable to Stored Cross-site Scripting

Affected package: rubygems:camaleon_cms
PURL: pkg:gem/camaleon_cms
Affected versions: = 2.4
Fixed versions: No known fixed version
7 Dependent packages
19 Dependent repositories
378,341 Downloads total

Affected Version Ranges

All affected versions

2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5

A stored XSS vulnerability has been discovered in version 2.4 of Camaleon CMS. The profile image in the User settings section can be run in the update/upload area via /admin/media/upload?actions=false.
