camaleon_cms 2.7.2
2 security vulnerabilities
found in version
2.7.2
Server-Side Template Injection in Camaleon CMS
critical severity CVE-2023-30145
critical severity
CVE-2023-30145
Patched versions:
>= 2.7.4
Camaleon CMS prior to 2.7.4 was discovered to contain a Server-Side
Template Injection (SSTI) vulnerability via the formats
parameter.
Camaleon CMS vulnerable to Stored Cross-site Scripting
medium severity CVE-2018-18260
medium severity
CVE-2018-18260
Unaffected versions:
< 2.4
In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The
profile image in the User settings section can be run in the update / upload area
via /admin/media/upload?actions=false
.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.