Stored XSS Vulnerability in Camaleon CMS 2.4

Stored XSS Vulnerability in Camaleon CMS 2.4

CVE-2018-18260 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User settings section can be run in the update / upload area via /admin/media/upload?actions=false. NOTE: the vendor reports that they are "unable to reproduce the reported issue on any version."

Learn more about our Cms Pen Testing.