CNNVD-202512-3384 Information
Dec 18, 2025
cve
CNNVD ID
CNNVD-202512-3384
Related CVE
- CNNVD Published: 2025-12-18
Description (Chinese)
CamaleonCMS是CamaleonCMS团队的一套基于RubyonRails的高级动态内容管理系统(CMS)。 CamaleonCMS 2.7.4版本存在跨站脚本漏洞,该漏洞源于持久型跨站脚本漏洞,可能导致执行任意JavaScript。
Description (English)
CamaleonCMS is the advanced dynamic content management system (CMS) based on RubyonRails for the CamaleonCMS team. The CamaleonCMS version 2.7.4 has a cross-site script loophole, which stems from a persistent cross-site script loophole that could lead to the implementation of any kind of JavaScript.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
CamaleonCMS
Published
2025-12-18
Last Modified
2026-02-24
References
https://github.com/owen2345/camaleon-cms https://www.exploit-db.com/exploits/51446 https://www.vulncheck.com/advisories/cameleon-cms-authenticated-persistent-cross-site-scripting-via-post-creation
Patch
https://github.com/owen2345/camaleon-cms/releases
Share on: