Camaleon CMS vulnerable to Stored Cross-site Scripting
Published: May 13, 2022
SECURITY IDENTIFIERS
- CVE: CVE-2018-18260 (NVD)
- GHSA: GHSA-7f84-9cqf-g4j9
- Vendor Advisory: http://packetstormsecurity.com/files/149772/CAMALEON-CMS-2.4-Cross-Site-Scripting.html
GEM
SEVERITY
CVSS v3.x: 6.1 (Medium)
UNAFFECTED VERSIONS
< 2.4
PATCHED VERSIONS
None available.
DESCRIPTION
A stored XSS vulnerability has been discovered in version 2.4 of Camaleon CMS.
The profile image in the User settings section can be run in the update/upload
area via /admin/media/upload?actions=false.
