Vulnerability CVE-2021-25969


Published: 2021-10-20

Description:
In ??Camaleon CMS? application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim??s browser when they open the page containing the malicious comment.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
2.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Tuzitio -> Camaleon cms 

 References:
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25969
https://github.com/owen2345/camaleon-cms/commit/05506e9087bb05282c0bae6ccfe0283d0332ab3c

Copyright 2024, cxsecurity.com

 

Back to Top