Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cameleon CMS 2.7.4 Authenticated Persistent Cross-Site Scripting via Post Creation
Vulnerability Description
Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts that execute when other users mouse over the post title, potentially stealing session cookies and executing arbitrary JavaScript.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
CamaleonCMS 跨站脚本漏洞
Vulnerability Description
CamaleonCMS是CamaleonCMS团队的一套基于RubyonRails的高级动态内容管理系统(CMS)。 CamaleonCMS 2.7.4版本存在跨站脚本漏洞,该漏洞源于持久型跨站脚本漏洞,可能导致执行任意JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A