exploitDog

CVE-2023-53936

Опубликовано: 18 дек. 2025

Источник: nvd

CVSS3: 5.4

CVSS3: 4.8

EPSS Низкий

Описание

Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts that execute when other users mouse over the post title, potentially stealing session cookies and executing arbitrary JavaScript.

Ссылки

https://github.com/owen2345/camaleon-cms
Product
https://www.exploit-db.com/exploits/51446
Exploit
Third Party Advisory
https://www.vulncheck.com/advisories/cameleon-cms-authenticated-persistent-cross-site-scripting-via-post-creation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tuzitio:camaleon_cms:2.7.4:*:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00027

Низкий

5.4 Medium

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-492m-wpjc-qpc3

CVSS3: 5.4

github

около 2 месяцев назад

Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts that execute when other users mouse over the post title, potentially stealing session cookies and executing arbitrary JavaScript.

EPSS

Процентиль: 7%

0.00027

Низкий

5.4 Medium

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79