Camaleon CMS versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, which allows an unauthenticated attacker to store malicious scripts in the comments section of a post. These scripts are executed in a victim's browser when the victim opens the page containing the malicious comment.
References
| Link | Resource |
|---|---|
| https://github.com/owen2345/camaleon-cms/commit/05506e9087bb05282c0bae6ccfe0283d0332ab3c | Patch, Third Party Advisory |
| https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25969 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mend
Published: 2021-10-20T11:55:14
Updated: 2021-11-26T13:43:59
Reserved: 2021-01-22T00:00:00
Link: CVE-2021-25969
NVD Information
Status: Analyzed
Published: 2021-10-20T12:15:07.517
Modified: 2021-11-29T17:22:02.467
Link: CVE-2021-25969
Redhat Information
No data.
CWE