CVE-2018-18260

** DISPUTED ** In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User settings section can be run in the update / upload area via /admin/media/upload?actions=false. NOTE: the vendor reports that they are "unable to reproduce the reported issue on any version."
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:tuzitio:camaleon_cms:2.4.0:*:*:*:*:*:*:*

History

22 Mar 2023, 21:15

Type Values Removed Values Added
Summary In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User settings section can be run in the update / upload area via /admin/media/upload?actions=false. ** DISPUTED ** In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User settings section can be run in the update / upload area via /admin/media/upload?actions=false. NOTE: the vendor reports that they are "unable to reproduce the reported issue on any version."

22 Oct 2021, 20:08

Type Values Removed Values Added
CPE cpe:2.3:a:tuzitio:camaleon_cms:2.4:*:*:*:*:*:*:* cpe:2.3:a:tuzitio:camaleon_cms:2.4.0:*:*:*:*:*:*:*

Information

Published : 2018-10-15 19:29

Updated : 2024-08-05 11:15


NVD link : CVE-2018-18260

Mitre link : CVE-2018-18260

CVE.ORG link : CVE-2018-18260


JSON object : View

Products Affected

tuzitio

  • camaleon_cms
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')