Lucene search

RubySecRUBY:CAMALEON_CMS-2018-18260

HistoryMay 12, 2022 - 9:00 p.m.

Camaleon CMS vulnerable to Stored Cross-site Scripting

2022-05-1221:00:00

RubySec

packetstormsecurity.com

camaleon cms

stored xss

user settings

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

JSON

In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The
profile image in the User settings section can be run in the update / upload area
via /admin/media/upload?actions=false.

References

packetstormsecurity.com/files/149772/CAMALEON-CMS-2.4-Cross-Site-Scripting.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

JSON

Related for RUBY:CAMALEON_CMS-2018-18260