6 matches found
Cross-Site Scripting (XSS)
camaleoncms is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of the content group name field, allowing a remote attacker to execute arbitrary code...
Server-Side Template Injection
camaleoncms is vulnerable to Server-Side Template Injection. The vulnerability exists because the error messages in actions and upload functions at mediacontroller.rb are not properly sanitized, which allows an attacker to inject and execute arbitrary code with the output rendered...
Cross-Site Scripting (XSS)
camaleoncms is vulnerable to cross-site scripting. The library does not properly sanitize the post's comment section, allowing malicious users to inject and execute malicious JavaScript...
Improper Error Handling
camaleoncms has improper error handling. The vulnerability exists due to an uncaught exception, allowing an attacker to upload a maliciously crafted .svg file...
Session Fixation
camaleoncms is vulnerable to session fixation. Even after the password is changed, the library does not terminate the user's active session, allowing a malicious user to gain unauthorized access to the application...
Cross-Site Scripting (XSS)
camaleoncms is vulnerable to cross-site scripting. Files uploaded via the media uploader are not validated. This allows a remote attacker to inject arbitrary JavaScript into a victim's browser via the filename parameter...