Cross-Site Scripting (XSS)

camaleon_cms is vulnerable to cross-site scripting. Files uploaded via the media uploader are not validated. This allows a remote attacker to inject arbitrary Javascript into a victim’s browser via the filename parameter.