CVE-2024-48652

Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field.
References
Link Resource
https://github.com/paragbagul111/CVE-2024-48652/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:tuzitio:camaleon_cms:2.7.5:*:*:*:*:*:*:*

History

25 Oct 2024, 16:51

Type Values Removed Values Added
CPE cpe:2.3:a:tuzitio:camaleon_cms:2.7.5:*:*:*:*:*:*:*
References () https://github.com/paragbagul111/CVE-2024-48652/ - () https://github.com/paragbagul111/CVE-2024-48652/ - Exploit, Third Party Advisory
First Time Tuzitio
Tuzitio camaleon Cms

23 Oct 2024, 16:35

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.8

23 Oct 2024, 15:12

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de cross-site scripting en camaleon-cms v.2.7.5 permite a un atacante remoto ejecutar código arbitrario a través del campo de group name de contenido.

22 Oct 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-22 22:15

Updated : 2024-10-25 16:51


NVD link : CVE-2024-48652

Mitre link : CVE-2024-48652

CVE.ORG link : CVE-2024-48652


JSON object : View

Products Affected

tuzitio

  • camaleon_cms
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')