admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-09 03:57:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2021/CVE-2021-25969.md

19 lines
896 B
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2021-25969](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25969)
![](https://img.shields.io/static/v1?label=Product&message=camaleon_cms&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%200.0.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen)
### Description
In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. These scripts are executed in a victims browser when they open the page containing the malicious comment.
### POC
#### Reference
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25969
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ChamalBandara/CVEs
Reference in New Issue Copy Permalink