Описание
Camaleon CMS vulnerable to Stored Cross-site Scripting
In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User settings section can be run in the update / upload area via /admin/media/upload?actions=false.
Пакеты
Наименование
camaleon_cms
rubygems
Затронутые версииВерсия исправления
= 2.4
Отсутствует
Связанные уязвимости
CVSS3: 6.1
nvd
больше 7 лет назад
In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User settings section can be run in the update / upload area via /admin/media/upload?actions=false. NOTE: the vendor reports that they are "unable to reproduce the reported issue on any version."